update security in readme

Tankred Hase 2014-01-16 11:45:57 +01:00
parent 7ebdf1bfab
commit a8eadec9e6
1 changed files with 5 additions and 4 deletions


@ -3,16 +3,17 @@ mail-html5 [![Build Status](https://travis-ci.org/whiteout-io/mail-html5.png)](h
Whiteout Mail is a mail client with full IMAP, SMTP, TLS and OpenPGP support written in pure JavaScript. The Client is distributed as a [Chrome Packaged App](https://developer.chrome.com/apps/about_apps.html) since it requires [TCP sockets](http://developer.chrome.com/apps/socket.html). Download the official version under [whiteout.io](http://whiteout.io).
### Security
### Security and Privacy
* The client talks directly via IMAP/SMTP to your mail server. Your data and your private PGP key are stored encrypted on your computer and are never sent to our our servers.
* The app is deployed as an auditable packaged app with static versions in order to prevent [problems with host-based security](http://tonyarcieri.com/whats-wrong-with-webcrypto).
* [Content Securit Policy (CSP)](http://www.html5rocks.com/en/tutorials/security/content-security-policy/) is enforced to prevent against injection attacks.
* The code is still under heavy development and is yet not recommended for production use. That being said, we have done multiple code audits and penetration tests (which will be published as soon as all reported vulnerabilities are fixed).
* The code is still under heavy development and is not yet recommended for production use. That being said, we have done multiple code audits and penetration tests (which will be published regularly once all reported vulnerabilities are fixed).
### Reporting bugs and feature requests
* We will launch a bug bounty program later on the compensate security researchers. If you find any security vulnerabilites, don't hesitate to contact us [security@whiteout.io](mailto:security@whiteout.io).
* You can also just create an [issue](https://github.com/whiteout-io/mail-html5/issues) if you're missing a feature or just want to give us feedback.
* You can also just create an [issue](https://github.com/whiteout-io/mail-html5/issues) on GitHub if you're missing a feature or just want to give us feedback. It would be much appreciated!
### Testing
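Review bot: The bullets under the renamed "Security and Privacy" heading still carry typos that this change passes over: "never sent to our our servers", "Content Securit Policy (CSP)" and "prevent against injection attacks", plus "later on the compensate" and "vulnerabilites" in the reporting section. This is the text users read to decide whether to trust the client, so fix them in the same commit. The reworded audit bullet, "will be published regularly once all reported vulnerabilities are fixed", is also ambiguous about whether any report appears before every finding is fixed; state the publication condition explicitly. The storage bullet says data and the private PGP key are "stored encrypted on your computer" without saying what protects them; one sentence on that would make the claim checkable. The reporting bullet gives only a plain mailto address; for an OpenPGP mail client, consider listing a public key or fingerprint so vulnerability reports can be sent encrypted.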
@ -41,4 +42,4 @@ Many of the libraries we use are licensed under an open source license. Here are
* [Inbox](https://github.com/andris9/inbox): Simple IMAP client for node.js
* [Nodemailer](http://www.nodemailer.com): SMTP client for node.js
* [Forge](https://github.com/digitalbazaar/forge): An implementation of TLS in Javascript
* [node-shims](https://github.com/whiteout-io/node-shims): A basic set shims of commonly used node API for use in the browser
* [node-shims](https://github.com/whiteout-io/node-shims): A basic set shims of commonly used node APIs for use in the browser
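Review bot: The node-shims entry still reads "A basic set shims of", so the pluralisation to "APIs" leaves the sentence ungrammatical; suggest "A basic set of shims for commonly used node APIs for use in the browser". In the same list, the Forge entry writes "Javascript" while the README intro writes "JavaScript"; align the spelling while touching this block.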