Commit 6d5c407c authored by or-else

clarify what not to report as security problems

parent cc5bb680
......@@ -2,6 +2,11 @@
## Reporting a Vulnerability
Please report a vulnerability to security@tinode.co
Please report a vulnerability to `security@tinode.co`.
## What not to report
* Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
* Exposed `/pprof` or `/expvar`. We know they are exposed. It's intentional and harmless.
* Exposed Prometheus metrics `/metrics`. Like above, it's intentional and harmless.
Please do not report Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
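
Review bot: In the `/pprof` and `/expvar` bullet, and the `/metrics` bullet that refers back to it, "intentional and harmless" is asserted without saying which deployments it covers or why. Go's pprof handlers serve goroutine stacks, heap profiles and the process command line, and expvar publishes `cmdline` and `memstats` by default, so someone running their own server cannot tell from this text whether the statement applies to them. Suggest scoping these bullets to the deployments the project operates itself and adding one sentence on what the endpoints return there and why that is acceptable. Minor wording in the Firebase bullet: "included into" should be "included in", and "are really public" reads more clearly as "are public".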