cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [cordova-docs] NiklasMerz commented on a change in pull request #1109: docs: Security revisements
Date Thu, 06 Aug 2020 06:37:21 GMT

NiklasMerz commented on a change in pull request #1109:
URL: https://github.com/apache/cordova-docs/pull/1109#discussion_r466175837



##########
File path: www/docs/en/dev/guide/appdev/security/index.md
##########
@@ -53,11 +53,21 @@ There are ways to approximate certificate pinning, such as checking the
server's
 
 There are also plugins that can do true certificate pinning for some platforms, assuming
your app is able to do all of its network requests using the plugin (i.e.: no traditional
XHR/AJAX requests, etc).
 
+## Using TLS/SSL
+
+If your app communicates to an external server, it should be communicating using modern encryption
standards. Use `https` protocol whenever is possible.
+
+[Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open certificate authority
provided by the nonprofit [Internet Security Research Group](https://www.abetterinternet.org/).
Let's Encrypt will offer free standard certificates, which will be sufficient for most developers.
Enterprise organizations may still want to use a traditional certificate authority that offers
more advanced features such as [Extended Validation](https://en.wikipedia.org/wiki/Extended_Validation_Certificate)
or [Organization Validation](https://en.wikipedia.org/wiki/Public_key_certificate#Organization_validation)
certificates.

Review comment:
       I would not mention Extended Validation as it's essentially a thing of the past. Browsers
stopped or will stop showing the special "green bar" and badges for EV and they no longer
make sense.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message