From 2ee9325f49d9d700936fa7fa3289783747c6620f Mon Sep 17 00:00:00 2001 From: rugk Date: Wed, 24 Aug 2016 23:28:54 +0200 Subject: [PATCH] Make clear that HTTPS provides basic security... whereas the other things are advantaged security features. --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c04d961..2c17e5e 100644 --- a/README.md +++ b/README.md @@ -40,9 +40,10 @@ without loosing any data. - As a user you have to trust the server administrator, your internet provider and any country the traffic passes not to inject any malicious javascript code. - Ideally, the PrivateBin installation used should provide HTTPS, secured by + For a basic security the PrivateBin installation *has to provide HTTPS*! + Additionally it should be secured by [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and - [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a + ideally by [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a certificate either validated by a trusted third party (check the certificate when first using a new PrivateBin instance) or self-signed by the server operator, validated using a