gilex-dev
/
YetAnotherToDoList
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
YetAnotherToDoList/server/README.md

564 B
Raw Blame History

Server

SSL/TLS

You can generate a self-signed certificate for testing like this:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt

Or obtain a signed certificate from let's encrypt.

CSRF

CSRF should not be possible because we check for the Authorization http header (instead of cookies) when accessing protected recourses.

Because of this, CRIME/BREACH http attacks should also be not possible.

XSS

We rely on Vue.js's ability to escape user-input in templates.