add Security section to README
parent
21bc936b89
commit
9a08caea63
1 changed files with 7 additions and 0 deletions
|
|
@ -62,3 +62,10 @@ All moderation is local — you control your view:
|
||||||
- Threads older than 30 days are auto-pruned (configurable on the moderation page)
|
- Threads older than 30 days are auto-pruned (configurable on the moderation page)
|
||||||
- Set retention to 0 to keep everything indefinitely
|
- Set retention to 0 to keep everything indefinitely
|
||||||
- Forum DB is stored at `~/.tinyweb/forum.db`
|
- Forum DB is stored at `~/.tinyweb/forum.db`
|
||||||
|
|
||||||
|
## Security
|
||||||
|
|
||||||
|
- **No authentication** — The forum inherits TinyWeb's access model. Anyone who can reach the HTTP port (localhost by default) can post, edit, retract, block, and change moderation settings. See TinyWeb's Security section for details on `--bind 0.0.0.0`.
|
||||||
|
- **Retractions are voluntary** — Retracting a thread or post sends a signal to peers, but any peer can ignore it and keep serving the content. "Retract" is a polite request, not a guaranteed delete.
|
||||||
|
- **Block gossip can be gamed** — Auto-block triggers after 3 peer reports. On Reticulum this requires 3+ real instances to collude, which is impractical at mesh scale, but is not cryptographically enforced.
|
||||||
|
- **No rate limiting** — Forum POST endpoints have no throttling. Low risk since the HTTP port is localhost-only by default.
|
||||||
|
|
|
||||||
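Review bot: The "No rate limiting" bullet calls the risk low only because of the localhost default, yet the "No authentication" bullet in the same section points readers at `--bind 0.0.0.0`, and nothing states what the two mean together. On a non-localhost bind, every client that can reach the port can post, edit, retract, block and change moderation settings with no throttling. Suggest wording such as "Low risk on the default localhost bind; if you bind to other interfaces, put a reverse proxy with authentication and rate limiting in front." In the "Block gossip" bullet, "not cryptographically enforced" leaves open how the 3 reports are attributed to distinct peers and whether the threshold is configurable like the retention period; one sentence on each would make the bullet actionable. "See TinyWeb's Security section" should be a link rather than a bare reference.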