# Server

## SSL/TLS

You can generate a self-signed certificate for testing like this:

```bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt
```

Or obtain a signed certificate from [Let's Encrypt](https://letsencrypt.org/).

## CSRF

CSRF should not be possible because we check for the `Authorization` HTTP header (instead of cookies) when accessing protected resources. Because of this, CRIME/BREACH HTTP attacks should also not be possible.

## XSS

We rely on Vue.js's ability to escape user input in templates.
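
The header-only check from the CSRF section, sketched as an added JavaScript example (not this project's server code). `SESSIONS`, `bearerToken`, `authenticate`, `handleProtected` and the sample requests are hypothetical names and constructed data.

```javascript
// Added example: credentials are read from the Authorization header only,
// so a cookie the browser attaches on its own never authorizes a request.

// Constructed token store (token -> session); real tokens would be random and expiring.
const SESSIONS = new Map([["constructed-token-123", { user: "alice" }]]);

// Return the bearer token from the Authorization header, or null.
// Only the Bearer scheme is accepted: a browser re-sends cached Basic
// credentials automatically, which would make them ambient like cookies.
function bearerToken(req) {
  const header = req.headers["authorization"]; // Node lower-cases header names
  if (typeof header !== "string") return null;
  const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header);
  return match ? match[1] : null;
}

// Resolve the session. req.headers.cookie is deliberately never consulted.
function authenticate(req) {
  const token = bearerToken(req);
  return token === null ? null : SESSIONS.get(token) || null;
}

// Protected resource: 401 unless the header carries a known token.
function handleProtected(req) {
  const session = authenticate(req);
  if (!session) {
    return { status: 401, headers: { "WWW-Authenticate": "Bearer" }, body: "unauthorized" };
  }
  return { status: 200, headers: {}, body: `hello ${session.user}` };
}

// Constructed request: a cross-site form post carries the cookie but no
// Authorization header, because only the application's own script adds it.
const forgedCrossSite = {
  method: "POST",
  headers: { cookie: "token=constructed-token-123", origin: "https://other.example" },
};

// Constructed request: the application's own client sets the header explicitly.
const legitimate = {
  method: "POST",
  headers: { authorization: "Bearer constructed-token-123" },
};
```

The property holds only while no code path falls back to a cookie or query-string token when the header is missing.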