From 6a838cdc96bb9617911932b2fe00557aa4f8a1f0 Mon Sep 17 00:00:00 2001
From: LinuxServer-CI <ci@linuxserver.io>
Date: Mon, 9 Jun 2025 01:44:43 +0000
Subject: [PATCH] Bot Updating Documentation

---
 docs/images/docker-brave.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/images/docker-brave.md b/docs/images/docker-brave.md
index 8e82efe777..42b1621f0e 100644
--- a/docs/images/docker-brave.md
+++ b/docs/images/docker-brave.md
@@ -41,6 +41,14 @@ The application can be accessed at:
 
 * https://yourhost:3001/
 
+
+### Security
+
+>[!WARNING]
+>Do not put this on the Internet if you do not know what you are doing.
+
+By default this container has no authentication and the optional environment variables `CUSTOM_USER` and `PASSWORD` to enable basic http auth via the embedded NGINX server should only be used to locally secure the container from unwanted access on a local network. If exposing this to the Internet we recommend putting it behind a reverse proxy, such as [SWAG](https://github.com/linuxserver/docker-swag), and ensuring a secure authentication solution is in place. From the web interface a terminal can be launched and it is configured for passwordless sudo, so anyone with access to it can install and run whatever they want along with probing your local network.
+
 ### Strict reverse proxies
 
 This image uses a self-signed certificate by default. This naturally means the scheme is `https`.