Tidy-up - mainly because I discovered I was generating pages which did not fully validate as HTML. Fixed.
simon 2015-01-29 21:08:13 +00:00
parent 1e7ad73fa4
commit 09aa1bdc90
10 changed files with 68 additions and 52 deletions

@ -20,7 +20,7 @@ Security is now greatly improved. There is a file called *passwd* in the *resour
{:admin {:password "admin" :email "admin@localhost"}
:adam {:password "secret" :email "adam@localhost"}}
that is to say, the username is a keyword and the corresponding password is a string. However, since version 0.5.0, users can now change their own passwords, and when the user changes their password their new password is encrypted using the [scrypt](http://www.tarsnap.com/scrypt.html) one-way encryption scheme. The password file is now no longer either in the *resources/public* directory so cannot be downloaded through the browser, and is no longer in the git archive to which the Wiki content is stored, so that even if that git archive is remotely clonable an attacker cannot get the password file that way.
that is to say, the username is a keyword and the corresponding password is a string. However, since version 0.5.0, users can now change their own passwords, and when the user changes their password their new password is encrypted using the [scrypt](http://www.tarsnap.com/scrypt.html) one-way encryption scheme. The password file is now no longer either in the *resources/public* directory so cannot be downloaded through the browser, nor in the git archive to which the Wiki content is stored, so that even if that git archive is remotely clonable an attacker cannot get the password file that way.
There's still no mechanism to add a new user to the system through the user interface; you do sill have to do that by editing the password file in an editor.
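Review bot: The changed sentence still calls scrypt a "one-way encryption scheme" and says the new password is "encrypted"; scrypt is a password-based key derivation function, so "hashed" is the accurate word and makes clear that the stored value cannot be decrypted. In the same sentence, "is now no longer either in the *resources/public* directory ... nor in the git archive to which the Wiki content is stored" would read better as "is now neither in ... nor in the git archive in which the Wiki content is stored". The text also says hashing happens only when a user changes their password, while the sample entries above show plaintext values such as "admin" and "secret", so the paragraph should state that entries added by hand stay in plaintext until the user changes them. The trailing context line has "sill" for "still".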