summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTyler Baker <forcedinductionz@gmail.com>2017-08-29 12:14:36 -0700
committerGitHub <noreply@github.com>2017-08-29 12:14:36 -0700
commitd8fb36073a43e2d47c23b1ef423d2921953e15fc (patch)
treed64acc9c94a104f10e484c855f6585a2a26e6728
parentdbac75882f6e98809afe82c5468e28d555855285 (diff)
README: add a note about security
Add some security considerations to the README. Signed-off-by: Tyler Baker <tyler.baker@linaro.org>
-rw-r--r--README.md13
1 files changed, 13 insertions, 0 deletions
diff --git a/README.md b/README.md
index d681d86..de4c1e8 100644
--- a/README.md
+++ b/README.md
@@ -22,3 +22,16 @@ In order for TFTP requests to find their way back to the running container, you
```
echo "dispatcher_ip: <master host ip" > /etc/lava-server/dispatcher.d/<lava-master-hostname>.yaml
```
+
+## Security
+Note that this container provides defaults which are unsecure. If you plan on deploying this in a production enviroment please consider the following items:
+
+ * Changing the default admin password
+ * Using HTTPS
+
+Secure CSRF tokens are disabled as the container uses HTTP by default. To use SSL with this container you will need to remove the following lines from your ```/etc/lava-server/settings.conf```
+
+```
+ "CSRF_COOKIE_SECURE": false,
+ "SESSION_COOKIE_SECURE": false,
+```