arno/privatebin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Updated Home (markdown)

El RIDO 2015-11-09 20:42:27 +01:00
parent 09f88edb89
commit cb57aeeafc
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Home.md

@ -29,6 +29,15 @@ without loosing any data.
- As a user you have to trust the server administrator, your internet provider
and any country the traffic passes not to inject any malicious javascript code.
Ideally, the ZeroBin installation used would provide HTTPS, secured by
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
[HKPH](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
certificate either validated by a trusted third party (check the certificate
when first using a new ZeroBin instance) or self-signed by the server operator,
validated using a
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) protected
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities)
record.
- The "key" used to encrypt the paste is part of the URL. If you publicly post
the URL of a paste that is not password-protected, everybody can read it.