dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-documenters/dhis2/dhis2-docbook-docs] Rev 1019: Docs, caveat on nginx cache

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Wed, 09 Apr 2014 10:30:35 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 1019
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2-docbook-docs
timestamp: Wed 2014-04-09 12:29:56 +0200
message:
  Docs, caveat on nginx cache
modified:
  src/docbkx/en/dhis2_implementation_guide_installation.xml


--
lp:~dhis2-documenters/dhis2/dhis2-docbook-docs
https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs

Your team DHIS 2 developers is subscribed to branch lp:~dhis2-documenters/dhis2/dhis2-docbook-docs.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs/+edit-subscription

=== modified file 'src/docbkx/en/dhis2_implementation_guide_installation.xml'
--- src/docbkx/en/dhis2_implementation_guide_installation.xml	2014-02-11 17:17:42 +0000
+++ src/docbkx/en/dhis2_implementation_guide_installation.xml	2014-04-09 10:29:56 +0000
@@ -376,6 +376,13 @@
 }
 
 </screen>
+      <important>
+        <para>Be aware that a server side cache shortcuts the DHIS 2 security features in the sense
+          that requests which hit the server side cache will be served directly from the cache
+          outside the control of DHIS 2 and the servlet container. This implies that request URLs
+          can be guessed and reports retrieved from the cache by unauthorized users. Hence, if you
+          capture sensitive information, setting up a server side cahce is not recommended.</para>
+      </important>
     </section>
     <section>
       <title>Starting tomcat and nginx on boot-time</title>