This page gives a quick overview of important security and privacy relevant configuration information of the OpenACS installation. Some of these parameters are taken from the used configuration file @ns_info_config@, and some information is defined via OpenACS package parameters or the OpenACS permission system.
Please note that this page provides just a quick overview of the configuration of this site and cannot replace any detailed vulnerability check.
The following subset of security parameters are configured for this system. The full list of parameters are available from the Site-Wide Administration pages and from the site map of the defined subsites.
Parameter | Package | Value | Diagnosis |
---|---|---|---|
@parameter_check.parameter_name@ |
@parameter_check.package@ | @parameter_check.diagnosis@ |
The following information is collected from requests to @current_location@/... from a not-logged-in user. The current location is taken from the request URL of this page. You might consider calling this page with a different domain name in the browser URL.
The following sections list common places which might or might not reveal information to third parties. The requirements for an internal development instance are typically different from a public community web site. The diagnosis is based on the assumption that there is no firewall protection of the site.
URLs revealing potentially @link_check.type@ information | |||
URL | Status | Permission Info | Diagnosis |
---|---|---|---|
@link_check.status@ |
|
@link_check.diagnosis@ |
In addition to these common places, please check the details via site
nodes. This site has @numSiteNodesEntries@ site node entries.
URL | Status | Diagnosis |
---|---|---|
@machine_readable.status@ | @machine_readable.diagnosis@
|
The following subset of security-related response header fields will be returned when the home page of this server is requested:
Header Field | Value |
---|---|
@hdr_check.field@ | @hdr_check.value@ |
You might consider testing the security of your HTTPs setup for @host_header@ via the SSL Labs service from Qualys.
The following summary is based on the recommended setup of external JavaScript libraries (providing a proc with "resource_info"). These libraries can be used via CDN or a local copy of the library. The CDN state can be altered via the site-wide admin pages, included in the links below.
Library | Installed Locally | Configured Version | Vulnerability Check | Available Version | Diagnosis |
---|---|---|---|---|---|
@library_check.library@ |
|
@library_check.configured_version;literal@ | @library_check.available@ | @library_check.diagnosis@ |