From d98514febc67bef6730bc989afb551c321064ffb Mon Sep 17 00:00:00 2001 From: willtp87 Date: Tue, 27 Nov 2012 14:57:19 -0400 Subject: [PATCH] ISLANDORA-780 Documenting potential security issue. --- README | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README b/README index 7a642cc4..56e4618a 100644 --- a/README +++ b/README @@ -7,3 +7,10 @@ https://wiki.duraspace.org/display/ISLANDORA/Islandora All bugs, feature requests and improvement suggestions are tracked at the DuraSpace JIRA: https://jira.duraspace.org/browse/ISLANDORA + +Fedora/Drupal Security +====================== +The islandora_drupal_filter passes the username of 'anonymous' through to Fedora for unauthenticated +Drupal Users. A user with the name of 'anonymous' may have XACML policies applied to them that are +meant to be applied to Drupal users that are not logged in or vice-versa. This is a potential security +issue that can be plugged by creating a user named 'anonymous' and restricting access to the account.
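Review bot: The mitigation in the last added sentence ("creating a user named 'anonymous' and restricting access to the account") does not say in which system the account is created or what "restricting access" means in practice. Since the collision described is between a Drupal username and the name the islandora_drupal_filter passes to Fedora for unauthenticated users, state explicitly that the account is to be reserved in Drupal and made unusable for login. Also add a step for sites where a user named 'anonymous' already exists: review that account and any XACML policies that reference 'anonymous' before relying on them. The phrase "or vice-versa" would be clearer spelled out (policies written for the named user being applied to visitors who are not logged in), and "Drupal Users" should be lower-case "users" to match the later "Drupal users" in the same paragraph.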