Security - rejetto/hfs GitHub Wiki
While this project focuses on ease of use, we care about security.
- HTTPS support
- Passwords are not saved, and thanks to SRP they are not disclosed even without HTTPS
- Automated tests run on every release, including an audit of libraries
- No default admin password
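
The SRP point above, as an added example that is not HFS code: a generic, simplified SRP-6a exchange in Node.js showing that the server stores only a salt and a verifier and that the password never appears in the login messages. The toy group, the simplified hashing and the names `register` and `login` are assumptions made for illustration; this page does not state which SRP parameters HFS uses.

```javascript
// Added illustration of SRP-6a; hypothetical helper names, not HFS source code.
const { createHash, randomBytes } = require('node:crypto');

// Constructed toy group (Mersenne prime 2^521 - 1, g = 3) to keep the example self-contained.
// Real deployments use the vetted groups published in RFC 5054.
const N = (1n << 521n) - 1n;
const g = 3n;

// Simplified hashing: SHA-256 over the decimal/string form of the inputs.
const H = (...parts) =>
  BigInt('0x' + createHash('sha256').update(parts.map(String).join(':')).digest('hex'));
const rand = () => BigInt('0x' + randomBytes(32).toString('hex'));
const mod = (x) => ((x % N) + N) % N;
function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
const k = H(N, g);

// Registration: the client derives x from the password and sends only g^x.
// The server's record is { salt, verifier }; no password, no password hash.
function register(user, password) {
  const salt = rand();
  const x = H(salt, user, password);
  return { salt, verifier: modPow(g, x) };
}

// One login with both sides in a single function.
// `wire` collects every value that crosses the network in cleartext.
function login(user, password, record) {
  const a = rand(), A = modPow(g, a);                 // client -> server: user, A
  const b = rand();
  const B = mod(k * record.verifier + modPow(g, b));  // server -> client: salt, B
  // Each side must reject a zero public value received from its peer.
  if (mod(A) === 0n || mod(B) === 0n) throw new Error('illegal SRP value');
  const u = H(A, B);
  const x = H(record.salt, user, password);           // client only
  const clientKey = H(modPow(B - k * modPow(g, x), a + u * x));
  const serverKey = H(modPow(A * modPow(record.verifier, u), b));
  const M1 = H(A, B, clientKey);                      // client -> server: proof of key
  const accepted = M1 === H(A, B, serverKey);         // server verifies the proof
  return { accepted, wire: { user, A, salt: record.salt, B, M1 } };
}
```

The stored verifier is not the password, but a leaked verifier can still be subjected to offline guessing, so password strength still matters.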
Some actions you can take for improved security:
- use HTTPS, preferably with a proper certificate, which can even be free with Let's Encrypt
- have a domain (DDNS is ok too), configure it in the "Internet" page, and enable "Accept requests only using domain"
- install the "antidos" plugin
- ensure the "antibrute" plugin is running
- disable "unprotected admin on localhost"
- work within a VPN