github.com/nextcloud/nextcloud.com.git
author Lukas Reschke <lukas@statuscode.ch> 2016-06-17 22:29:13 +0300
committer GitHub <noreply@github.com> 2016-06-17 22:29:13 +0300
commit b2995d39cd502159fc4c47c4b1ffb525da4cd3a5
tree cdc8bfed402f8a0fb8be34eba24e2e7ff10b36dc /page-threat-model.php
parent dbc1afbb784c02144794da0d94470610444ca275
Update page-threat-model.php
Diffstat (limited to 'page-threat-model.php')
-rw-r--r-- page-threat-model.php 3
1 files changed, 3 insertions, 0 deletions
diff --git a/page-threat-model.php b/page-threat-model.php
index f61c9669..2265d828 100644
--- a/page-threat-model.php
+++ b/page-threat-model.php
@@ -39,3 +39,6 @@ in those disabled features as not bounty-worthy.</p>
<h3>Brute force of credentials</h3>
<p>At the moment we don't consider bruteforcing of credentials or a missing password treshold eligible vulnerabilities. In the case of Nextcloud we currently expect people to protect their instance using measures such as fail2ban. We're however working on adding a native anti-bruteforce protection.</p>
+
+<h3>Server-side request forgery</h3>
+<p>Nextcloud ships with multiple features that perform sending requests to other hosts, we do consider this accepted behaviour and advocate people to deploy Nextcloud into it's own seggregated network segment.</p>
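Review bot: The new paragraph under the "Server-side request forgery" heading never says whether SSRF reports are eligible, whereas the brute-force section just above it states outright that such findings are not "eligible vulnerabilities"; "we do consider this accepted behaviour" leaves a reporter guessing, so add an explicit sentence on eligibility. The same line also has wording errors: "it's own seggregated network segment" should be "its own segregated network segment", and "perform sending requests to other hosts, we do consider" is a comma splice with a redundant verb. Suggested text: "Nextcloud ships with multiple features that send requests to other hosts. We consider this accepted behaviour and advise people to deploy Nextcloud in its own segregated network segment."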