mirror of
https://github.com/haproxy/haproxy.git
synced 2026-06-23 16:31:15 -04:00
8badf5d2fa
Add doc/internals/threat-model.txt describing what does and does not qualify as a security vulnerability in HAProxy so that reporters and developers have a common understanding of the threat model, and make it clear that anything non-critical should be handled in the open and not hidden behind embargoes. The document lists assets to protect, what constitutes an attack, what are the mitigations in place, and the severity ordering of various risks. This may in the long term also help developers make better choices of default settings and option names, and may also justify changing default settings over time when modern operating systems bring new possibilities. A section also lists some invariants and defaults in an attempt to limit the risk of reporting theoretical issues that are technically impossible to happen in the field. This is an initial version meant to be refined as cases arise. It was incrementally designed and cross-checked with the help of three independent LLMs (Qwen, Gemini and Claude) until each correctly classified a set of sample reports against it. In the current state they do not raise any residual ambiguities anymore. |
||
|---|---|---|
| .. | ||
| design-thoughts | ||
| internals | ||
| lua-api | ||
| 51Degrees-device-detection.txt | ||
| acl.fig | ||
| coding-style.txt | ||
| configuration.txt | ||
| cookie-options.txt | ||
| DeviceAtlas-device-detection.txt | ||
| gpl.txt | ||
| haproxy.1 | ||
| HAProxyCommunityEdition_60px.png | ||
| haterm.txt | ||
| intro.txt | ||
| lgpl.txt | ||
| linux-syn-cookies.txt | ||
| lua.txt | ||
| management.txt | ||
| netscaler-client-ip-insertion-protocol.txt | ||
| network-namespaces.txt | ||
| peers-v2.0.txt | ||
| peers.txt | ||
| proxy-protocol.txt | ||
| queuing.fig | ||
| regression-testing.txt | ||
| seamless_reload.txt | ||
| SOCKS4.protocol.txt | ||
| SPOE.txt | ||
| WURFL-device-detection.txt | ||
