Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@gnaaah certificates are supposed to verify identities. This only works if there's a chain of authentications leading to a root Certification Authority such as Verisign et al.
-
gnaaah9848y@ReturnVoid Self-Signed certificates also have this feature, except the CA is a small self created one.
Still don't see a security risk... -
I know that letsencrypt is a new thing in town but 15 minutes of research is all that takes to fix that thing
-
blegh698yself signs are good enough for private comms between your server and your app, it's your domain, no need for any public ca.
but, definitely bad for public websites. -
@gnaaah As far as I know, mitm attacks can be carried out on self signed certs without the users noticing. Could be wrong though
Related Rants
-
hexacore3Picked up a legacy site to re-build, turns out just adding: '?admin=1' to the query string gave you full ad...
-
blauesocke6One of our customer thought it would be too unsecure to send us his AWS credentials by email. So he printed it...
-
Tale-Of-X97Don't know if this has been post yet before but ohhh well
Self-signed certificates... I know you fuckers got them, I see them everywhere. Not cool, bruh
undefined
wk25