Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Encourage HSTS in SDK #16

Open
maxdos64 opened this issue Mar 26, 2019 · 0 comments
Open

Encourage HSTS in SDK #16

maxdos64 opened this issue Mar 26, 2019 · 0 comments
Assignees
@arkocal
Labels
security

Comments

@maxdos64
Copy link

HTTP Strict Transport Security concept should be implemented for all client APIs

This means that no request should never be sent from the client
to the server without TLS (not even the initial request).
Only exception is if the user/admin explicitly indicates so (e.g., running client in secured cluster)
Multiple bold warnings need to be added in the specifications and wiki to warn the user of using it outside of secure environments
@maxdos64 maxdos64 assigned arkocal and srware and unassigned srware Mar 26, 2019
@arkocal arkocal changed the title HSTS Encourage HSTS in SDK Mar 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@arkocal arkocal

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@arkocal @maxdos64 @srware