* Patch from James Westby to add a --sslcookie switch, which forces

[ikiwiki.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index dc763ef40a01bbae7d0f7ec09a3b8d08130dee89..9d7702dde3a09053fb09c27a9553a8829f4068e6 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -134,7 +134,9 @@ file not be world readable.
 
 Login to the wiki involves sending a password in cleartext over the net.
 Cracking the password only allows editing the wiki as that user though.
-If you care, you can use https, I suppose.
+If you care, you can use https, I suppose. If you do use https either for
+all of the wiki, or just the cgi access, then consider using the sslcookie
+option.
 
 ## XSS holes in CGI output