flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity

point out MITM risk when not using https for querying the IP

Browse Source
This commit is contained in:
Thomas Waldmann 2014-11-15 16:05:29 +01:00
parent 36d4445c97
commit 70ab452484
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/security.rst
View File

@ -25,6 +25,11 @@ not work).
On the hosts overview page, we show whether we received the last update via TLS. On the hosts overview page, we show whether we received the last update via TLS.
Please note that if you like security, you also need to use https (with
certificate verification) if you use the web-based method to query your IP
address. If you use http, a powerful attacker could MITM your request and
tell you a wrong IP, which your updater then would happily write into DNS.
Login with remote vs. local Account Login with remote vs. local Account
=================================== ===================================