Make clear that HTTPS provides basic security...

whereas the other things are advantaged security features.
rugk 2016-08-24 23:28:54 +02:00 committed by GitHub
parent 2cde59821a
commit 2ee9325f49
1 changed files with 3 additions and 2 deletions

@ -40,9 +40,10 @@ without loosing any data.
- As a user you have to trust the server administrator, your internet provider - As a user you have to trust the server administrator, your internet provider
and any country the traffic passes not to inject any malicious javascript code. and any country the traffic passes not to inject any malicious javascript code.
Ideally, the PrivateBin installation used should provide HTTPS, secured by For a basic security the PrivateBin installation *has to provide HTTPS*!
Additionally it should be secured by
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
[HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a ideally by [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
certificate either validated by a trusted third party (check the certificate certificate either validated by a trusted third party (check the certificate
when first using a new PrivateBin instance) or self-signed by the server when first using a new PrivateBin instance) or self-signed by the server
operator, validated using a operator, validated using a
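Review bot: In the added lines, the clause "using a certificate either validated by a trusted third party ... or self-signed by the server operator" now directly follows "ideally by HPKP", so it reads as a property of HPKP rather than of the HTTPS setup that the new first sentence makes mandatory. Consider attaching the certificate requirement to the HTTPS sentence (for example "the PrivateBin installation *has to provide HTTPS*, using a certificate either validated by ...") and then listing HSTS and HPKP as the additional measures in a separate sentence. On wording, "For a basic security" should read "For basic security", and a comma after "Additionally" would help; the trailing "!" is out of register with the rest of the list item, since the emphasis markers already carry the point.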