Public-Key-Pins-Disabled/EN/Solution Tips: Unterschied zwischen den Versionen
| Zeile 1: | Zeile 1: | ||
| − | The setting of [ | + | The setting of [[Public-Key-Pins-Disabled/EN|Public Key Pinning]] (HPKP) is not an absolute must, and is currently not taken into account by the SIWECOS Scanner. It is advisable not to activate them, or to do so only after consultation with an expert. |
The browsers Mozilla Firefox and Google Chrome comply with [https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning Public Key Pinning] and therefore ignore HPKP-headers. If only a single pin is set, an error message will appear. In order for pin validation to be successful, it is therefore always necessary to provide at least two public keys or a back-up pin. Interested parties should get in touch with an IT security expert or web developer. | The browsers Mozilla Firefox and Google Chrome comply with [https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning Public Key Pinning] and therefore ignore HPKP-headers. If only a single pin is set, an error message will appear. In order for pin validation to be successful, it is therefore always necessary to provide at least two public keys or a back-up pin. Interested parties should get in touch with an IT security expert or web developer. | ||
Version vom 3. April 2019, 16:05 Uhr
The setting of Public Key Pinning (HPKP) is not an absolute must, and is currently not taken into account by the SIWECOS Scanner. It is advisable not to activate them, or to do so only after consultation with an expert.
The browsers Mozilla Firefox and Google Chrome comply with Public Key Pinning and therefore ignore HPKP-headers. If only a single pin is set, an error message will appear. In order for pin validation to be successful, it is therefore always necessary to provide at least two public keys or a back-up pin. Interested parties should get in touch with an IT security expert or web developer.
Further information can be found at Article from ZDNET
