add basic security pages #985
source/security.rst
Security Concerns | ||
----------------- | ||
|
||
**The Good:** |
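Review bot: `**The Good:**` on the last line of this hunk is bold inline text standing in for a heading. In reStructuredText that does not create a section, so it gets no link anchor and will not appear in the page's table of contents. If the split under "Security Concerns" stays, make it a real subsection with its own underline, using a different underline character than the `-----------------` of the parent heading.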
I know I gave you this phrase in the other comment, but we likely need something better.
Hmm, maybe "State of Security"? The section could be updated as security concerns are found and develop.
Maybe it's just one section called `considerations`?
Oh, you know I meant those 2 headings The good and The bad - maybe it's just one section? Or maybe `advantages` and `limitations`? Then maybe another section called `controls` for things like file browsing that you can change after you install?
I think what you have is a good start. Can you fix the conflict so we can see how it's deployed and looks?
authentication/overview | ||
how-tos/monitoring/logging | ||
customizations |
I'm not in love with blink links. I mean - yes we log, but what's the context here, is that good or bad? Does it need updated, does the default work well? Yes we have customizations, but are they secure/insecure?
I think what we need is more up the page where the other considerations are. Something like
- Out of the box OnDemand will let users explore the entire file system. The web server runs as the users, so it will still adhere to FACLs when attempting to view files. However, you can set an allowlist to only show certain file paths or disable this altogether. (with links to the given configurations)
It's stuff like that - describing some behaviors that may be unwanted and specific links on how to control that.
We can keep this ToC here - but I feel like we need to be more direct with the reader and not just hope they explore and find the relevant info (and make the relevant connections) themselves.
> ... yes we log, but what's the context here, is that good or bad?

The context is logging works as 'how-tos/monitoring/logging' describes.
I don't think I can tell people if a feature is good or bad. I think I can only remove doubt about what a feature is, so people can be convinced whatever judgements they make (if they make any) are just.
If there are specific situations you think should be documented I can open up issues and work on writing something up for them and getting them added.
I'll try to update the 'considerations' from your comment.
OK, this is a good start. We can touch it up as we go.
Thanks! That sounds like a good plan to me.
https://osc.github.io/ood-documentation-test/add-basic-security-pages/
add basic security pages
incorporated feedback from my last attempt