point out MITM risk when not using https for querying the IP

nsupdate-info · Nov 15, 2014 · 70ab452 · 70ab452
1 parent 36d4445
commit 70ab452
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/docs/security.rst b/docs/security.rst
@@ -25,6 +25,11 @@ not work).
 
 On the hosts overview page, we show whether we received the last update via TLS.
 
+Please note that if you like security, you also need to use https (with
+certificate verification) if you use the web-based method to query your IP
+address. If you use http, a powerful attacker could MITM your request and
+tell you a wrong IP, which your updater then would happily write into DNS.
+
 
 Login with remote vs. local Account
 ===================================