Index: openacs-4/packages/acs-core-docs/www/security-requirements.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/security-requirements.adp,v diff -u -r1.1.2.1 -r1.1.2.2 --- openacs-4/packages/acs-core-docs/www/security-requirements.adp 23 Sep 2015 11:54:53 -0000 1.1.2.1 +++ openacs-4/packages/acs-core-docs/www/security-requirements.adp 23 Jun 2016 08:32:46 -0000 1.1.2.2 @@ -24,17 +24,17 @@ displaying the name of the user on certain pages or can be as sophisticated as dynamically recommending sections of site that the user may be interested in based on prior browsing history. In any -case, the user's identity must be validated and made available to -the rest of the system. In addition, sites such as ecommerce +case, the user's identity must be validated and made available +to the rest of the system. In addition, sites such as ecommerce vendors require that the user identity be securely validated.

Security System Overview

The security system consists of a number of subsystems.

Signed Cookies

Cookies play a key role in storing user information. However, -since they are stored in plaintext on a user's system, the validity -of cookies is an important issue in trusting cookie information. -Thus, we want to be able to validate a cookie, but we also want to -validate the cookie without a database hit.
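Review bot: The first changed pair in this hunk ("the user's identity must be validated and made available to the rest of the system") removes and re-adds the same words with only the line break moved from after "to" to before it, so as shown it is a rewrap with no change in content. If that is all this revision does to the paragraph, consider dropping the rewrap or stating in the commit message that the file was only reflowed, so that later readers of the history for security-requirements.adp do not look for a change in the requirement itself. The same question applies to the Signed Cookies paragraph, where the removed lines ("since they are stored in plaintext on a user's system, the validity of cookies is an important issue ...") should be compared word for word against their replacement, since this text states the requirement that a cookie be validated without a database hit and an accidental wording change there would alter a security requirement.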