You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by de...@apache.org on 2016/01/19 21:59:58 UTC
docs commit: Slight tweak to security guide re: cert pinning
Repository: cordova-docs
Updated Branches:
refs/heads/master 4a670f3ed -> b2eaae225
Slight tweak to security guide re: cert pinning
Since last updated, there are new plugins that actually do true cert
pinning as long as all network reqs go through the plugin.
Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/b2eaae22
Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/b2eaae22
Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/b2eaae22
Branch: refs/heads/master
Commit: b2eaae225299000e14e628581da2a18dd203129e
Parents: 4a670f3
Author: tommy-carlos williams <to...@devgeeks.org>
Authored: Wed Jan 20 07:58:08 2016 +1100
Committer: tommy-carlos williams <to...@devgeeks.org>
Committed: Wed Jan 20 07:58:08 2016 +1100
----------------------------------------------------------------------
www/docs/en/5.4.0/guide/appdev/security/index.md | 2 ++
www/docs/en/dev/guide/appdev/security/index.md | 2 ++
2 files changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/b2eaae22/www/docs/en/5.4.0/guide/appdev/security/index.md
----------------------------------------------------------------------
diff --git a/www/docs/en/5.4.0/guide/appdev/security/index.md b/www/docs/en/5.4.0/guide/appdev/security/index.md
index f870dae..462ec8f 100644
--- a/www/docs/en/5.4.0/guide/appdev/security/index.md
+++ b/www/docs/en/5.4.0/guide/appdev/security/index.md
@@ -49,6 +49,8 @@ Cordova does not support true certificate pinning. The main barrier to this is a
There are ways to approximate certificate pinning, such as checking the server's public key (fingerprint) is the expected value when your application starts or at other various times during your application's lifetime. There are third-party plugins available for Cordova that can do that. However, this is not the same as true certificate pinning which automatically verifies the expected value on every connection to the server.
+There are also plugins that can do true certificate pinning for some platforms, assuming your app is able to do all of its network requests using the plugin (i.e.: no traditional XHR/AJAX requests, etc).
+
## Self-signed Certificates
Using self-signed certificates on your server is not recommended. If you desire SSL, then it is highly recommended that your server have a certificate that has been properly signed by a well-known CA (certificate authority). The inability to do true certificate pinning makes this important.
http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/b2eaae22/www/docs/en/dev/guide/appdev/security/index.md
----------------------------------------------------------------------
diff --git a/www/docs/en/dev/guide/appdev/security/index.md b/www/docs/en/dev/guide/appdev/security/index.md
index f870dae..462ec8f 100644
--- a/www/docs/en/dev/guide/appdev/security/index.md
+++ b/www/docs/en/dev/guide/appdev/security/index.md
@@ -49,6 +49,8 @@ Cordova does not support true certificate pinning. The main barrier to this is a
There are ways to approximate certificate pinning, such as checking the server's public key (fingerprint) is the expected value when your application starts or at other various times during your application's lifetime. There are third-party plugins available for Cordova that can do that. However, this is not the same as true certificate pinning which automatically verifies the expected value on every connection to the server.
+There are also plugins that can do true certificate pinning for some platforms, assuming your app is able to do all of its network requests using the plugin (i.e.: no traditional XHR/AJAX requests, etc).
+
## Self-signed Certificates
Using self-signed certificates on your server is not recommended. If you desire SSL, then it is highly recommended that your server have a certificate that has been properly signed by a well-known CA (certificate authority). The inability to do true certificate pinning makes this important.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org