jsaccess: advise to use https to protect client targeted attacks

author: Laurent Ghigonis <laurent@p1sec.com> 2013-06-16 23:43:46 +0200
committer: Laurent Ghigonis <laurent@p1sec.com> 2013-06-16 23:43:46 +0200
commit: 822ee47e0a79e100b42ca08ba8a4ebcef5d6b157 (patch)
tree: 7790dc76745e38c932e3f4f5220635b4349f63e4 /jsaccess/README.txt
parent: jsaccess: css (diff)
download: laurent-tools-822ee47e0a79e100b42ca08ba8a4ebcef5d6b157.tar.xz
laurent-tools-822ee47e0a79e100b42ca08ba8a4ebcef5d6b157.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/jsaccess/README.txt b/jsaccess/README.txt
index 45102bf..da1dc5c 100644
--- a/jsaccess/README.txt
+++ b/jsaccess/README.txt
@@ -2,6 +2,11 @@ jsaccess - download and decrypt files in the browser
 2013, Laurent Ghigonis <laurent@gouloum.fr>
 
 Provide protected access to files on a web server without htaccess or https.
+The files are stored AES256 encrypted on the server, and decrypted on download
+in the web browser.
+
+You should still use https to protect against client targeted attacks like
+mitm on the javascript code or mitm on the encrypted archives.
 
 $ git clone git://git.zx2c4.com/laurent-tools
 $ cd laurent-tools/jsaccess/
author	Laurent Ghigonis <laurent@p1sec.com>	2013-06-16 23:43:46 +0200
committer	Laurent Ghigonis <laurent@p1sec.com>	2013-06-16 23:43:46 +0200
commit	822ee47e0a79e100b42ca08ba8a4ebcef5d6b157 (patch)
tree	7790dc76745e38c932e3f4f5220635b4349f63e4 /jsaccess/README.txt
parent	jsaccess: css (diff)
download	laurent-tools-822ee47e0a79e100b42ca08ba8a4ebcef5d6b157.tar.xz laurent-tools-822ee47e0a79e100b42ca08ba8a4ebcef5d6b157.zip