Make clear that HTTPS provides basic security...
whereas the other things are advantaged security features.
This commit is contained in:
parent
2cde59821a
commit
2ee9325f49
1 changed files with 3 additions and 2 deletions
|
@ -40,9 +40,10 @@ without loosing any data.
|
|||
|
||||
- As a user you have to trust the server administrator, your internet provider
|
||||
and any country the traffic passes not to inject any malicious javascript code.
|
||||
Ideally, the PrivateBin installation used should provide HTTPS, secured by
|
||||
For a basic security the PrivateBin installation *has to provide HTTPS*!
|
||||
Additionally it should be secured by
|
||||
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
|
||||
[HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
||||
ideally by [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
||||
certificate either validated by a trusted third party (check the certificate
|
||||
when first using a new PrivateBin instance) or self-signed by the server
|
||||
operator, validated using a
|
||||
|
|
Loading…
Reference in a new issue