YetAnotherToDoList/server/README.md

23 lines
564 B
Markdown

# Server
## SSL/TLS
You can generate a self-signed certificate for testing like this:
```bass
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt
```
Or obtain a signed certificate from [let's encrypt](https://letsencrypt.org/).
## CSRF
CSRF should not be possible because we check for the `Authorization` http header
(instead of cookies) when accessing protected recourses.
Because of this, CRIME/BREACH http attacks should also be not possible.
## XSS
We rely on Vue.js's ability to escape user-input in templates.