From 14af7c2cbeb9df087dafd649084e41fbb4d15206 Mon Sep 17 00:00:00 2001
From: Robert Miner <robertm@dessci.com>
Date: Mon, 27 Jun 2011 09:37:26 -0500
Subject: [PATCH] added a section on secure access to the CDN to the docs

---
 docs/source/start.rst | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/docs/source/start.rst b/docs/source/start.rst
index 2490cb6ef..8109dd73e 100644
--- a/docs/source/start.rst
+++ b/docs/source/start.rst
@@ -57,6 +57,30 @@ sure to read that before linking to the MathJax CDN server.
 To see how to enter mathematics in your web pages, see `Putting
 mathematics in a web page`_ below.
 
+Secure Access to the CDN
+------------------------
+
+When the the MathJax CDN is accessed via the address
+``http://cdn.mathjax.org``, data is downloaded over a regular, insecure
+HTTP connection.  This introduces a security risk, since it is
+possible a hostile 3rd party could intercept the MathJax program data,
+and replace it.  This is sometimes called a
+`man-in-the-middle <http://en.wikipedia.org/wiki/Man-in-the-middle_attack>`_ attack.
+
+To prevent such attacks, it is necessary to access the MathJax CDN
+over a secure HTTPS connection.  This can be easily done by using the
+following ``<script>`` tag instead of the one listed above:
+
+.. code-block:: html
+
+    <script type="text/javascript"
+      src="https://d3eoax9i5htok0.cloudfront.net/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
+    </script>
+
+Currently, the Amazon Cloudfront service used by the MathJax CDN does
+not support the use of a human-friendly name like cdn.mathjax.org for
+secure connections. However, this address is stable and safe to use.
+
 
 Installing Your Own Copy of MathJax
 ===================================