23 lines
564 B
Markdown
23 lines
564 B
Markdown
# Server
|
|
|
|
## SSL/TLS
|
|
|
|
You can generate a self-signed certificate for testing like this:
|
|
|
|
```bass
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt
|
|
```
|
|
|
|
Or obtain a signed certificate from [let's encrypt](https://letsencrypt.org/).
|
|
|
|
## CSRF
|
|
|
|
CSRF should not be possible because we check for the `Authorization` http header
|
|
(instead of cookies) when accessing protected recourses.
|
|
|
|
Because of this, CRIME/BREACH http attacks should also be not possible.
|
|
|
|
## XSS
|
|
|
|
We rely on Vue.js's ability to escape user-input in templates.
|