From e1fcacbca5deccf9b4156df7bcf16f6eae1b064c Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Tue, 1 Jul 2008 21:00:30 +0000
Subject: [PATCH] Added general question on other security concerns

---
 src/site/fml/faq.fml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/site/fml/faq.fml b/src/site/fml/faq.fml
index 10acece57a..0002f2c50a 100644
--- a/src/site/fml/faq.fml
+++ b/src/site/fml/faq.fml
@@ -4,6 +4,21 @@
 
     <part id="general">
     <title>General</title>
+    	
+    <faq id="other-concerns">
+    	<question>Will Spring Security take care of all my application security requirements?</question>
+    	<answer>
+    		<p>Spring Security provides you with a very flexible framework for
+    			your authentication and authorization requirements, but there are many other considerations
+    			for building a secure application that are outside its scope. Web applications are
+    			vulnerable to all kinds of attacks which you should be familiar with, preferably before you 
+    			start development so you can design and code with them in mind from the beginning. 
+    			Check out the <a href="http://www.owasp.org/">OWASP web site</a>
+    			for information on the major issues facing web application developers and the countermeasures
+    			you can use against them.
+    		</p>
+    	</answer>
+    </faq>
     <faq id="web-xml">
 	    <question>Why not just use web.xml security?</question>
 	    <answer>