This repository has been archived by the owner on Apr 12, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
security.html
89 lines (86 loc) · 4.12 KB
/
security.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="description" content="A secure tool to share sensitive information in encrypted form with third parties">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
<title>Share a Secret - Short lived encrypted secret sharing - how is this app secure?</title>
<link rel="stylesheet" href="static/custom.css" integrity="sha256-kh6gVNFTId2fxJriixeeDfo5X8rK0ZW9i81infWYch8=">
<link rel="stylesheet" href="static/semantic-2.7.5.css" integrity="sha256-3a0+mzIiHF2Wt5DvkjjoX0+M9otO3KTaMaqhaSwVZXg=">
</head>
<body>
<br><br>
<div id="bodysegm" class="ui text container">
<h1 class="ui centered header">How secure is this app?</h1>
<p>Security is the number one focus when developing and running this webapp. High standards of security are applied to
multiple layers of the infrastructure: during transport, storage, server maintenance etc. Security is applied in the following
ways:</p>
<div class="ui list">
<div class="item">
<div class="content">
<div class="header"><h3><i class="lock icon"></i> Webapp</h3></div>
<div class="description">How the use of the webapp is secured and kept private</div>
</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">No part of the secret is stored unencrypted on either the client- and server-side</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">As soon as the expiration date of the secret is reached, the contents and all related (access) data is
permanently deleted</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">All transport from and to the server is done using <a
href="https://www.ssllabs.com/ssltest/analyze.html?d=secretshare.wheredoi.click">A+</a> rated TLS1.2+ encryption.
HTTP Strict Transport Security (HSTS) header is applied with preloading</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">No libraries are hosted externally using a free public CDN, so no tracking by them is made possible</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">No analytics or webbugs from third parties have been added to the webapp, so no external parties
can track your use of the webapp</div></div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">The source code is kept in a readable format for your verification and css and javascript
libraries contain <a href="https://github.com/aardbol/secretshareweb/issues/8">an integrity hash</a> so modifications
can easily be spotted. Development happens transparently at GitHub</div>
</div>
<br>
<div class="item">
<div class="content">
<div class="header"><h3><i class="lock icon"></i> Server</h3></div>
<div class="description">How to server is kept secure</div>
</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">The software of the server is kept properly up-to-date, with security updates being installed
automatically.</div>
</div>
<div class="item">
<i class="right triangle icon"></i>
<div class="content">A firewall is in place to block hacking attempts to the server. Many parts of the operating system
has also been harderened to reduce the numer of potential attack surfaces</div>
</div>
</div>
</div>
<div id="footer" class="ui text container">
<i class="copyright outline icon"></i>2019, https://wheredoi.click v1.3
{<a href="https://github.com/aardbol/secretshareweb" target="_blank"><i class="fitted github grey icon"></i></a>}<br>
<a href="index.html">home</a> | <a href="about.html">about this app</a> | <a href="security.html">how is this app secure?</a>
</div>
<script src="static/jquery-3.4.1.js" integrity="sha256-WpOohJOqMqqyKL9FccASB9O0KwACQJpFTUBLTYOVvVU="></script>
<script src="static/semantic-2.7.5.js" integrity="sha256-/fbdRVqLH/oOOtOg/Eb0A1ttDWTJn6L6yxhO2HC/+yg="></script>
<script>
$(function() {
$('h1').transition("zoom in");
})
</script>
</body>
</html>