Merge pull request #96 from rugk/patch-1

Add note to remind user to protect the data dir
jelhan 2016-06-04 20:13:15 +02:00
commit 8113b23e81

@ -46,7 +46,7 @@ Afterwards copy all files in /dist folder to your werbserver.
### After installation
* `data/` folder has to be writeable by web server.
* `data/` folder has to be writeable by web server, but **must not** be accessible publicy. That means protect it in your webserver configuration!
* HTTPS connection should be forced. You should consider using [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security) (HSTS) and [HTTP Public Key Pinning](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning) (HPKP).
* [Content-Security-Policy](http://content-security-policy.com/) (CSP) should be used. Default CSP headers are provided in `.htaccess` file but commented out.
* Execute `php api/cron.php` on a regular basis to delete outdated polls. A cronjob running once a day should be fine.
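Review bot: The new `data/` bullet tells the reader to "protect it in your webserver configuration" but does not say how, so the reminder is easy to acknowledge and then skip. The CSP bullet two lines below already points at the shipped `.htaccess`; consider doing the same here by either shipping a deny rule for `data/` or naming the file where the admin should add one, and note that `.htaccess` is only honoured by Apache, so other web servers need an equivalent rule in their own configuration. A one-line check would also help, for example that requesting a path under `data/` over HTTP returns 403 or 404. Separately, "publicy" in the added line should read "publicly".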