tauri-docs icon indicating copy to clipboard operation
tauri-docs copied to clipboard

Published 20 hours ago verified publisher icon tauri-apps

Rewrite security documentation

Open olivierlemasle opened this issue 3 years ago • 3 comments

Edit by @FabianLars:

I'm just gonna hijack this to not create an almost-duplicate. Really our whole security related docs need a complete rewrite, i feel like large parts of this page aren't accurate: https://tauri.app/v1/references/architecture/security/ and the security guide mentioned below is missing and needs to be added again too.

I don't understand most of that security stuff so this will probably come down to Denjell, who wrote the first guides, and the new security team.

That said, i think this should wait for the new docs website hoping we can give it a better place than the currently kinda hidden one (and also a place where it makes sense to include the guide-level stuff)

Original issue:

In #829, the page guides/development/security.md was deleted because it was very similar to the page guides/architecture/security.md (now under references/security.md and called Development Security).

However, that page was not an exact duplicate of the current Development Security page, and it was more complete (to me, at least). For example, the old security page advised to "prefer specific commands" (instead of writing everything on the frontend layer), or presented the allowlist, along with code examples.

Cf the old Security page: https://github.com/tauri-apps/tauri-docs/blob/e0bb27ca47bd414efe1fe22248d9ed2e1d499751/docs/guides/development/security.md

If these recommendations still apply, I think we should bring them again, by merging the content of the old guides/development/security.md and the new references/security.md. If you're ok with that, I can make a Pull Request.

olivierlemasle avatar Sep 08 '22 21:09 olivierlemasle

Tracking this for 2.0 so we don't forget about it. Security concerns will be less gathered in a single place in 2.0, and more scattered about on the pages where they are relevant. But we'll probably need to cover some of it in some manner of architectural article.

simonhyll avatar Sep 15 '23 20:09 simonhyll

We have a security page now: https://beta.tauri.app/concepts/tauri-security/ @FabianLars can you confirm that it covers the necessary topics? Note ofc that for 2.0 we're adding security considerations to individual pages as well, so some information might be more relevant on e.g. a features own page.

simonhyll avatar Feb 26 '24 14:02 simonhyll

imo, no. the page you linked is a copy paste from the v1 docs. I think this PR is more relevant in resolving this issue https://github.com/tauri-apps/tauri-docs/pull/1791 - it also removes the tauri-security page (as it should lol).

FabianLars avatar Feb 26 '24 15:02 FabianLars