Hanfei,

I'd be happy to take a look at the report and share it with the rest of the 
team if you'd like to send it directly to me.

Regarding SSL, this is definitely something that you can set up for your own 
instance; see the documentation for configuring proxies on the wiki: 
http://wiki.g2.bx.psu.edu/Admin/Config/Performance/nginx%20Proxy.

Thanks!

-Dannon

On Sep 24, 2012, at 12:01 AM, Hanfei Sun <ad9...@gmail.com> wrote:

> Hello Galaxy-team,
> 
> A Galaxy instance is being hosted on our server. 
> But last week, an expert in security made some tests on our server. He 
> warned us that the user creation and login script can be injected with 
> executable JavaScript in Galaxy, which may make our server vulnerable.
> 
> He gave us a report of 3 pages (other issues including Non-SSL Password and 
> cookie of Galaxy). 
> We don't know whether it's serious and whether we need to fix these issues 
> immediately. 
> Is Galaxy going to update for these issues? Or do we need to modify them ourselves? 
> Any suggestion is appreciated.
> Thanks!
> 
> 
> -- 
> Hanfei Sun
> Sent with Sparrow
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> 
>  http://lists.bx.psu.edu/
