From 822ee47e0a79e100b42ca08ba8a4ebcef5d6b157 Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis <laurent@p1sec.com>
Date: Sun, 16 Jun 2013 23:43:46 +0200
Subject: jsaccess: advise to use https to protect client targeted attacks

---
 jsaccess/README.txt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/jsaccess/README.txt b/jsaccess/README.txt
index 45102bf..da1dc5c 100644
--- a/jsaccess/README.txt
+++ b/jsaccess/README.txt
@@ -2,6 +2,11 @@ jsaccess - download and decrypt files in the browser
 2013, Laurent Ghigonis <laurent@gouloum.fr>
 
 Provide protected access to files on a web server without htaccess or https.
+The files are stored AES256 encrypted on the server, and decrypted on download
+in the web browser.
+
+You should still use https to protect against client targeted attacks like
+mitm on the javascript code or mitm on the encrypted archives.
 
 $ git clone git://git.zx2c4.com/laurent-tools
 $ cd laurent-tools/jsaccess/
-- 
cgit v1.2.3-59-g8ed1b