Files · 89e050d7228930baf6a483cf7d02bdc683b0af61 · DEMO / spring-boot

Document security risks of DevTools' remote support more clearly · 89e050d7

Andy Wilkinson authored Nov 05, 2019

Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:

1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
   and an alternative recommendation to only use remote support on
   a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
   added

Closes gh-18825

89e050d7

Name	Last commit	Last update
.bomr		Loading commit data...
.github		Loading commit data...
.mvn		Loading commit data...
ci		Loading commit data...
eclipse		Loading commit data...
git/hooks		Loading commit data...
spring-boot-project		Loading commit data...
spring-boot-samples		Loading commit data...
spring-boot-samples-invoker		Loading commit data...
spring-boot-tests		Loading commit data...
src/checkstyle		Loading commit data...
.editorconfig		Loading commit data...
.gitignore		Loading commit data...
.settings-template.xml		Loading commit data...
CODE_OF_CONDUCT.adoc		Loading commit data...
CONTRIBUTING.adoc		Loading commit data...
LICENSE.txt		Loading commit data...
README.adoc		Loading commit data...
SUPPORT.adoc		Loading commit data...
mvnw		Loading commit data...
mvnw.cmd		Loading commit data...
pom.xml		Loading commit data...

README.adoc