This commit is contained in:
Ted Unangst 2019-04-14 14:17:50 -04:00
parent 1fd6865996
commit 5e921b566f
1 changed files with 4 additions and 0 deletions

@ -5,6 +5,10 @@ honk is not currently hardened against SSRF, server side request forgery. Be
mindful of what else may be reachable on localhost or the local network if
it's not generally accessible.
Key and signature verification is best effort, but some forgeries may sneak
past. In particular, tying together key name, key owner, actor, object, etc.
is incomplete.
How are user keys supposed to be rotated? Expired? Revoked?
The current answer is never, never, never.
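Review bot: the two added lines on key rotation (the question and the "never, never, never" answer) state the gap but leave its consequence implicit; spell out that a leaked or compromised signing key therefore cannot be invalidated and remote instances will keep accepting signatures made with it, so operators know to treat the key material as a long-lived secret. In the added "best effort" paragraph, "key name, key owner, actor, object, etc." is too vague for a security notice: name the specific bindings that are not cross-checked, since that is what a reader needs in order to judge what a forgery slipping past verification could accomplish.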