You are here

Home » API reference » Security.txt 8

README.txt in Security.txt 8

Same filename and directory in other branches
  1. 7 README.txt
		      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		       SECURITY.TXT MODULE README


			    Daniel J. R. May
		      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━


Table of Contents
─────────────────

1 Introduction
2 Installation
3 Configuration
.. 3.1 Permissions
.. 3.2 Security.txt configuration
.. 3.3 Security.txt signing
4 Use
5 Further reading





1 Introduction
══════════════

  The Security.txt module provides an implementation of the security.txt
  draft RFC standard. Its purpose is to provide a standardised way to
  document your website’s security contact details and policy. This
  allows users and security researchers to securely disclose security
  vulnerabilities to you.


2 Installation
══════════════

  This module should be installed in the usual way. Read about
  [installing Drupal 8 modules].


  [installing Drupal 8 modules]
  https://www.drupal.org/docs/8/extending-drupal-8/installing-drupal-8-modules


3 Configuration
═══════════════

  Once you have installed this module you will want to perform the
  following configuration.


3.1 Permissions
───────────────

  You control the permissions granted to each role at
  `/admin/people/permissions'. You will almost certainly want to give
  everyone the `View security.txt' permission, i.e. give it to both the
  `Anonymous User' and `Authenticated User' roles.

  You will only want to give the `Administer security.txt' permission to
  very trusted roles.


3.2 Security.txt configuration
──────────────────────────────

  The Security.txt configuration page can be found under `System' on the
  Drupal configuration page. Fill in all the details you want to add to
  your `security.txt' file, then press the `Save configuration' button.
  You should then proceed to the `Sign' tab of the configuration form.


3.3 Security.txt signing
────────────────────────

  You can provide a digital signature for your `security.txt' file by
  following the instructions on the `Sign' tab of the module’s
  configuration page.


4 Use
═════

  Once you have completed the configuration of the Security.txt module
  your security.txt and security.txt.sig files will be available at the
  following standard URLs:

  • /.well-known/security.txt
  • /.well-known/security.txt.sig


5 Further reading
═════════════════

  • Learn more about the [security.txt standard]
  • Read the [draft RFC]


  [security.txt standard] https://securitytxt.org/

  [draft RFC] https://tools.ietf.org/html/draft-foudil-securitytxt-02

File

README.txt
View source 
  1. 		      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  2. 		       SECURITY.TXT MODULE README

  3. 

  4. 

  5. 			    Daniel J. R. May

  6. 		      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  7. 

  8. 

  9. Table of Contents

  10. ─────────────────

  11. 

  12. 1 Introduction

  13. 2 Installation

  14. 3 Configuration

  15. .. 3.1 Permissions

  16. .. 3.2 Security.txt configuration

  17. .. 3.3 Security.txt signing

  18. 4 Use

  19. 5 Further reading

  20. 

  21. 

  22. 

  23. 

  24. 

  25. 1 Introduction

  26. ══════════════

  27. 

  28.   The Security.txt module provides an implementation of the security.txt

  29.   draft RFC standard. Its purpose is to provide a standardised way to

  30.   document your website’s security contact details and policy. This

  31.   allows users and security researchers to securely disclose security

  32.   vulnerabilities to you.

  33. 

  34. 

  35. 2 Installation

  36. ══════════════

  37. 

  38.   This module should be installed in the usual way. Read about

  39.   [installing Drupal 8 modules].

  40. 

  41. 

  42.   [installing Drupal 8 modules]

  43.   https://www.drupal.org/docs/8/extending-drupal-8/installing-drupal-8-modules

  44. 

  45. 

  46. 3 Configuration

  47. ═══════════════

  48. 

  49.   Once you have installed this module you will want to perform the

  50.   following configuration.

  51. 

  52. 

  53. 3.1 Permissions

  54. ───────────────

  55. 

  56.   You control the permissions granted to each role at

  57.   `/admin/people/permissions'. You will almost certainly want to give

  58.   everyone the `View security.txt' permission, i.e. give it to both the

  59.   `Anonymous User' and `Authenticated User' roles.

  60. 

  61.   You will only want to give the `Administer security.txt' permission to

  62.   very trusted roles.

  63. 

  64. 

  65. 3.2 Security.txt configuration

  66. ──────────────────────────────

  67. 

  68.   The Security.txt configuration page can be found under `System' on the

  69.   Drupal configuration page. Fill in all the details you want to add to

  70.   your `security.txt' file, then press the `Save configuration' button.

  71.   You should then proceed to the `Sign' tab of the configuration form.

  72. 

  73. 

  74. 3.3 Security.txt signing

  75. ────────────────────────

  76. 

  77.   You can provide a digital signature for your `security.txt' file by

  78.   following the instructions on the `Sign' tab of the module’s

  79.   configuration page.

  80. 

  81. 

  82. 4 Use

  83. ═════

  84. 

  85.   Once you have completed the configuration of the Security.txt module

  86.   your security.txt and security.txt.sig files will be available at the

  87.   following standard URLs:

  88. 

  89.   • /.well-known/security.txt

  90.   • /.well-known/security.txt.sig

  91. 

  92. 

  93. 5 Further reading

  94. ═════════════════

  95. 

  96.   • Learn more about the [security.txt standard]

  97.   • Read the [draft RFC]

  98. 

  99. 

  100.   [security.txt standard] https://securitytxt.org/

  101. 

  102.   [draft RFC] https://tools.ietf.org/html/draft-foudil-securitytxt-02