I’ve discovered an interesting feature. If someone find a security issue on my website there is no way to tell him the procedure to contact me. Or so it was the case, if i write a file called security.txt according to the RFC9116 and drop it in the .well-known folder everyone now knows how to contact me for security purpose.

The authors of this RFC have a website to explain the concept and generate the file :



78 Words

2023-10-29 14:42 +0100