aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaurent Ghigonis <laurent@p1sec.com>2013-06-16 23:43:46 +0200
committerLaurent Ghigonis <laurent@p1sec.com>2013-06-16 23:43:46 +0200
commit822ee47e0a79e100b42ca08ba8a4ebcef5d6b157 (patch)
tree7790dc76745e38c932e3f4f5220635b4349f63e4
parentjsaccess: css (diff)
downloadlaurent-tools-822ee47e0a79e100b42ca08ba8a4ebcef5d6b157.tar.xz
laurent-tools-822ee47e0a79e100b42ca08ba8a4ebcef5d6b157.zip
jsaccess: advise to use https to protect client targeted attacks
-rw-r--r--jsaccess/README.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/jsaccess/README.txt b/jsaccess/README.txt
index 45102bf..da1dc5c 100644
--- a/jsaccess/README.txt
+++ b/jsaccess/README.txt
@@ -2,6 +2,11 @@ jsaccess - download and decrypt files in the browser
2013, Laurent Ghigonis <laurent@gouloum.fr>
Provide protected access to files on a web server without htaccess or https.
+The files are stored AES256 encrypted on the server, and decrypted on download
+in the web browser.
+
+You should still use https to protect against client targeted attacks like
+mitm on the javascript code or mitm on the encrypted archives.
$ git clone git://git.zx2c4.com/laurent-tools
$ cd laurent-tools/jsaccess/