ACIL FM
Dark
Refresh
Current DIR:
/usr/share/doc/python3-cryptography/docs
/
usr
share
doc
python3-cryptography
docs
Upload
Zip Selected
Delete Selected
Pilih semua
Nama
Ukuran
Permission
Aksi
development
-
chmod
Open
Rename
Delete
hazmat
-
chmod
Open
Rename
Delete
x509
-
chmod
Open
Rename
Delete
_ext
-
chmod
Open
Rename
Delete
_static
-
chmod
Open
Rename
Delete
api-stability.rst
2.93 MB
chmod
View
DL
Edit
Rename
Delete
changelog.rst
30 B
chmod
View
DL
Edit
Rename
Delete
community.rst
589 B
chmod
View
DL
Edit
Rename
Delete
conf.py
6.17 MB
chmod
View
DL
Edit
Rename
Delete
doing-a-release.rst
3.71 MB
chmod
View
DL
Edit
Rename
Delete
exceptions.rst
853 B
chmod
View
DL
Edit
Rename
Delete
faq.rst
9.79 MB
chmod
View
DL
Edit
Rename
Delete
fernet.rst
11.33 MB
chmod
View
DL
Edit
Rename
Delete
glossary.rst
4.62 MB
chmod
View
DL
Edit
Rename
Delete
index.rst
2.64 MB
chmod
View
DL
Edit
Rename
Delete
installation.rst
11.71 MB
chmod
View
DL
Edit
Rename
Delete
limitations.rst
2.12 MB
chmod
View
DL
Edit
Rename
Delete
make.bat
4.99 MB
chmod
View
DL
Edit
Rename
Delete
Makefile
5.46 MB
chmod
View
DL
Edit
Rename
Delete
openssl.rst
4.6 MB
chmod
View
DL
Edit
Rename
Delete
random-numbers.rst
1.55 MB
chmod
View
DL
Edit
Rename
Delete
security.rst
3.51 MB
chmod
View
DL
Edit
Rename
Delete
spelling_wordlist.txt
1.22 MB
chmod
View
DL
Edit
Rename
Delete
Edit file: /usr/share/doc/python3-cryptography/docs/security.rst
Security ======== We take the security of ``cryptography`` seriously. The following are a set of policies we have adopted to ensure that security issues are addressed in a timely fashion. Infrastructure -------------- In addition to ``cryptography``'s code, we're also concerned with the security of the infrastructure we run (primarily ``cryptography.io``). If you discover a security vulnerability in our infrastructure, we ask you to report it using the same procedure. What is a security issue? ------------------------- Anytime it's possible to write code using ``cryptography``'s public API which does not provide the guarantees that a reasonable developer would expect it to based on our documentation. That's a bit academic, but basically it means the scope of what we consider a vulnerability is broad, and we do not require a proof of concept or even a specific exploit, merely a reasonable threat model under which ``cryptography`` could be attacked. To give a few examples of things we would consider security issues: * If a recipe, such as Fernet, made it easy for a user to bypass confidentiality or integrity with the public API (e.g. if the API let a user reuse nonces). * If, under any circumstances, we used a CSPRNG which wasn't fork-safe. * If ``cryptography`` used an API in an underlying C library and failed to handle error conditions safely. Examples of things we wouldn't consider security issues: * Offering ECB mode for symmetric encryption in the *Hazmat* layer. Though ECB is critically weak, it is documented as being weak in our documentation. * Using a variable time comparison somewhere, if it's not possible to articulate any particular program in which this would result in problematic information disclosure. In general, if you're unsure, we request that you to default to treating things as security issues and handling them sensitively, the worst thing that can happen is that we'll ask you to file a public issue. Reporting a security issue -------------------------- We ask that you do not report security issues to our normal GitHub issue tracker. If you believe you've identified a security issue with ``cryptography``, please report it to ``alex.gaynor@gmail.com`` and/or ``paul.l.kehrer@gmail.com``. You should verify that your MTA uses TLS to ensure the confidentiality of your message. Once you've submitted an issue via email, you should receive an acknowledgment within 48 hours, and depending on the action to be taken, you may receive further follow-up emails. Supported Versions ------------------ At any given time, we will provide security support for the `main`_ branch as well as the most recent release. New releases for OpenSSL updates -------------------------------- As of versions 0.5, 1.0.1, and 2.0.0, ``cryptography`` statically links OpenSSL in binary distributions for Windows, macOS, and Linux respectively, to ease installation. Due to this, ``cryptography`` will release a new version whenever OpenSSL has a security or bug fix release to avoid shipping insecure software. Like all our other releases, this will be announced on the mailing list and we strongly recommend that you upgrade as soon as possible. Disclosure Process ------------------ When we become aware of a security bug in ``cryptography``, we will endeavor to fix it and issue a release as quickly as possible. We will generally issue a new release for any security issue. The steps for issuing a security release are described in our :doc:`/doing-a-release` documentation. .. _`main`: https://github.com/pyca/cryptography
Simpan
Batal
Isi Zip:
Unzip
Create
Buat Folder
Buat File
Terminal / Execute
Run
Chmod Bulk
All File
All Folder
All File dan Folder
Apply