[Catalog-sig] Fwd: readthedocs.org or packages.python.org?
Donald Stufft
donald.stufft at gmail.com
Thu Feb 7 00:45:07 CET 2013
On Wednesday, February 6, 2013 at 6:41 PM, Richard Jones wrote:
> So the only real solution is the one you use, which is to set up the
> unsafe content on a separate domain. Easy enough, even I can buy
> domains ;-)
This is accurate (basically), at least if you want javascript to still be javascript and
such. A completely separate domain only for user uploaded content that itself has
no secure content (so no cookies to steal or anything). SSL is optional since it's a
separate domain. (Suggested to at least have SSL be an option though).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130206/b624d099/attachment.html>
More information about the Catalog-SIG
mailing list