others edit pages in your wiki, then some possible security issues do need
to be kept in mind.
+[[toc levels=2]]
+
----
# Probable holes
Login to the wiki involves sending a password in cleartext over the net.
Cracking the password only allows editing the wiki as that user though.
-If you care, you can use https, I suppose.
+If you care, you can use https, I suppose. If you do use https either for
+all of the wiki, or just the cgi access, then consider using the sslcookie
+option.
## XSS holes in CGI output
point. #[378412](http://bugs.debian.org/378412) could affect us, although it
doesn't seem very exploitable. It has a simple fix, and has been fixed in
Debian unstable.
+
+## include loops
+
+Various directives that cause one page to be included into another could
+be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded
+against this one way or another; the current solution should detect all
+types of loops involving preprocessor directives.