README: add a note about security

Add some security considerations to the README. Signed-off-by: Tyler Baker <tyler.baker@linaro.org>
author: Tyler Baker <forcedinductionz@gmail.com> 2017-08-29 12:14:36 -0700
committer: GitHub <noreply@github.com> 2017-08-29 12:14:36 -0700
commit: d8fb36073a43e2d47c23b1ef423d2921953e15fc (patch)
tree: d64acc9c94a104f10e484c855f6585a2a26e6728 /README.md
parent: dbac75882f6e98809afe82c5468e28d555855285 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/README.md b/README.md
index d681d86..de4c1e8 100644
--- a/README.md
+++ b/README.md
@@ -22,3 +22,16 @@ In order for TFTP requests to find their way back to the running container, you
 ```
 echo "dispatcher_ip: <master host ip" > /etc/lava-server/dispatcher.d/<lava-master-hostname>.yaml
 ```
+
+## Security
+Note that this container provides defaults which are unsecure. If you plan on deploying this in a production enviroment please consider the following items:
+
+  * Changing the default admin password
+  * Using HTTPS
+  
+Secure CSRF tokens are disabled as the container uses HTTP by default. To use SSL with this container you will need to remove the following lines from your ```/etc/lava-server/settings.conf```
+
+```
+   "CSRF_COOKIE_SECURE": false,
+   "SESSION_COOKIE_SECURE": false,
+```
author	Tyler Baker <forcedinductionz@gmail.com>	2017-08-29 12:14:36 -0700
committer	GitHub <noreply@github.com>	2017-08-29 12:14:36 -0700
commit	d8fb36073a43e2d47c23b1ef423d2921953e15fc (patch)
tree	d64acc9c94a104f10e484c855f6585a2a26e6728 /README.md
parent	dbac75882f6e98809afe82c5468e28d555855285 (diff)