From d8fb36073a43e2d47c23b1ef423d2921953e15fc Mon Sep 17 00:00:00 2001 From: Tyler Baker Date: Tue, 29 Aug 2017 12:14:36 -0700 Subject: README: add a note about security Add some security considerations to the README. Signed-off-by: Tyler Baker --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index d681d86..de4c1e8 100644 --- a/README.md +++ b/README.md @@ -22,3 +22,16 @@ In order for TFTP requests to find their way back to the running container, you ``` echo "dispatcher_ip: /etc/lava-server/dispatcher.d/.yaml ``` + +## Security +Note that this container provides defaults which are unsecure. If you plan on deploying this in a production enviroment please consider the following items: + + * Changing the default admin password + * Using HTTPS + +Secure CSRF tokens are disabled as the container uses HTTP by default. To use SSL with this container you will need to remove the following lines from your ```/etc/lava-server/settings.conf``` + +``` + "CSRF_COOKIE_SECURE": false, + "SESSION_COOKIE_SECURE": false, +``` -- cgit 1.2.3-korg
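Review bot: In the new Security section, the sentence about `/etc/lava-server/settings.conf` tells the reader to remove the `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` lines but never says what value applies once they are gone. State the resulting default, or tell the reader to set both to `true`, so it is clear that the change actually turns secure cookies on. The same sentence wraps the path in triple backticks where inline code needs single backticks, and it should end with a colon before the fenced block. In the first paragraph of the section, "unsecure" should be "insecure" and "enviroment" should be "environment". The section also switches between "HTTPS" and "SSL"; pick one term, and consider having the "Using HTTPS" bullet point at the cookie settings paragraph so the two steps are read together.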