1
0
mirror of https://github.com/moparisthebest/mail synced 2024-12-24 00:08:48 -05:00

update security in readme

This commit is contained in:
Tankred Hase 2014-01-16 11:48:31 +01:00
parent a8eadec9e6
commit 750234d57a

View File

@ -8,6 +8,7 @@ Whiteout Mail is a mail client with full IMAP, SMTP, TLS and OpenPGP support wri
* The client talks directly via IMAP/SMTP to your mail server. Your data and your private PGP key are stored encrypted on your computer and are never sent to our our servers.
* The app is deployed as an auditable packaged app with static versions in order to prevent [problems with host-based security](http://tonyarcieri.com/whats-wrong-with-webcrypto).
* [Content Securit Policy (CSP)](http://www.html5rocks.com/en/tutorials/security/content-security-policy/) is enforced to prevent against injection attacks.
* SSL certificates are pinned under [`src/ca/`](https://github.com/whiteout-io/mail-html5/tree/master/src/ca) in order to protect against SSL stripping and other man in the middle attacks.
* The code is still under heavy development and is not yet recommended for production use. That being said, we have done multiple code audits and penetration tests (which will be published regularly once all reported vulnerabilities are fixed).
### Reporting bugs and feature requests