Make clear that HTTPS provides basic security...
whereas the other things are advantaged security features.
This commit is contained in:
parent
2cde59821a
commit
2ee9325f49
@ -40,9 +40,10 @@ without loosing any data.
|
|||||||
|
|
||||||
- As a user you have to trust the server administrator, your internet provider
|
- As a user you have to trust the server administrator, your internet provider
|
||||||
and any country the traffic passes not to inject any malicious javascript code.
|
and any country the traffic passes not to inject any malicious javascript code.
|
||||||
Ideally, the PrivateBin installation used should provide HTTPS, secured by
|
For a basic security the PrivateBin installation *has to provide HTTPS*!
|
||||||
|
Additionally it should be secured by
|
||||||
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
|
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
|
||||||
[HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
ideally by [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
||||||
certificate either validated by a trusted third party (check the certificate
|
certificate either validated by a trusted third party (check the certificate
|
||||||
when first using a new PrivateBin instance) or self-signed by the server
|
when first using a new PrivateBin instance) or self-signed by the server
|
||||||
operator, validated using a
|
operator, validated using a
|
||||||
|
Loading…
Reference in New Issue
Block a user