commit 14af7c2cbeb9df087dafd649084e41fbb4d15206
parent cec79bfe50186661567df36afb6c050b93acb85e
Author: Robert Miner <robertm@dessci.com>
Date: Mon, 27 Jun 2011 09:37:26 -0500
added a section on secure access to the CDN to the docs
Diffstat:
1 file changed, 24 insertions(+), 0 deletions(-)
diff --git a/docs/source/start.rst b/docs/source/start.rst
@@ -57,6 +57,30 @@ sure to read that before linking to the MathJax CDN server.
To see how to enter mathematics in your web pages, see `Putting
mathematics in a web page`_ below.
+Secure Access to the CDN
+------------------------
+
+When the the MathJax CDN is accessed via the address
+``http://cdn.mathjax.org``, data is downloaded over a regular, insecure
+HTTP connection. This introduces a security risk, since it is
+possible a hostile 3rd party could intercept the MathJax program data,
+and replace it. This is sometimes called a
+`man-in-the-middle <http://en.wikipedia.org/wiki/Man-in-the-middle_attack>`_ attack.
+
+To prevent such attacks, it is necessary to access the MathJax CDN
+over a secure HTTPS connection. This can be easily done by using the
+following ``<script>`` tag instead of the one listed above:
+
+.. code-block:: html
+
+ <script type="text/javascript"
+ src="https://d3eoax9i5htok0.cloudfront.net/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
+ </script>
+
+Currently, the Amazon Cloudfront service used by the MathJax CDN does
+not support the use of a human-friendly name like cdn.mathjax.org for
+secure connections. However, this address is stable and safe to use.
+
Installing Your Own Copy of MathJax
===================================
