docs: remove claim that HTTPS authenticates the remote server (#35526)
Update security.md
I don't think this is accurate. This is not a feature of HTTPS. This would require certificate pinning. It has been in the security docs since 2db125890c
Related
https://github.com/electron/electron/issues/3330
https://www.npmjs.com/package/electron-ssl-pinning
https://cheatsheetseries.owasp.org/cheatsheets/Pinning_Cheat_Sheet.html
This commit is contained in:
Alexander Prinzhorn
GitHub
parent
dfc134de42
commit
9719cea250
1 changed files with 1 additions and 3 deletions
|
|
@ -131,10 +131,8 @@ like `HTTP`. Similarly, we recommend the use of `WSS` over `WS`, `FTPS` over
|
|||
|
||||
#### Why?
|
||||
|
||||
`HTTPS` has three main benefits:
|
||||
`HTTPS` has two main benefits:
|
||||
|
||||
1. It authenticates the remote server, ensuring your app connects to the correct
|
||||
host instead of an impersonator.
|
||||
1. It ensures data integrity, asserting that the data was not modified while in
|
||||
transit between your application and the host.
|
||||
1. It encrypts the traffic between your user and the destination host, making it
|
||||
|
|
|
|||
Loading…
Reference in a new issue