static/security: miscellaneous fixes

Some typos and changed language about "never communicating in plain text
on any wire."  We cannot assert that, we communicate with an S3 endpoint
and entrust it to perform encryption on our behalf.  What we hand S3 is
plaintext, and there are very likely numerous wires behind that endpoint.
This commit is contained in:
Vito Caputo 2016-01-22 23:43:34 -08:00
parent 566a91f003
commit 91d8637fea

View file

@ -7,14 +7,14 @@
</div> </div>
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<h3>SSL Everwhere</h3> <h3>SSL Everywhere</h3>
<p>We expressly forbid connections to Quay using unencrypted HTTP traffic. This helps keep your data and account information safe on the wire. Our SSL traffic is decrypted on our application servers, so your traffic is encrypted even within the datacenter. We use a 4096-bit RSA key, and after the key exchange is complete, traffic is transferred using 256-bit AES, for the maximum encryption strength.</p> <p>We expressly forbid connections to Quay using unencrypted HTTP traffic. This helps keep your data and account information safe on the wire. Our SSL traffic is decrypted on our application servers, so your traffic is encrypted even within the datacenter. We use a 4096-bit RSA key, and after the key exchange is complete, traffic is transferred using 256-bit AES, for the maximum encryption strength.</p>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<h3>Encryption</h3> <h3>Encryption</h3>
<p>Our binary data is currently stored in Amazon's <a href="http://aws.amazon.com/s3/">S3</a> service. We use HTTPS when transferring your data internally between our application servers and S3, so your data is never exposed in plain text on any wire. We use their <a href="http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html">server side encryption</a> to protect your data while stored at rest in their data centers.</p> <p>Our binary data is currently stored in Amazon's <a href="http://aws.amazon.com/s3/">S3</a> service. We use HTTPS when transferring your data internally between our application servers and S3, so your data is never exposed in plain text on the internet. We use their <a href="http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html">server side encryption</a> to protect your data while stored at rest in their data centers.</p>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
@ -26,7 +26,7 @@
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<h3>Access Controls</h3> <h3>Access Controls</h3>
<p>Repositories will only ever be shared with people to whom you delegate access. Repositories created from the Docker command line are private by default and repositories must subsequently made public with an explicit action in the Quay UI. We have a test suite which is run before every code push which tests all methods which expose private data with all levels of access to ensure nothing is accidentally leaked.</p> <p>Repositories will only ever be shared with people to whom you delegate access. Repositories created from the Docker command line are private by default and must be made public with an explicit action in the Quay UI. We have a test suite which is run before every code push which tests all methods which expose private data with all levels of access to ensure nothing is accidentally leaked.</p>
</div> </div>
</div> </div>
<div class="row"> <div class="row">