Worst security bug/feature you've seen? - devRant

Ranter

Comments

1

gnaaah

984

8y

They are annoying, but are they a security risk?
0

ReturnVoid

762

8y

@gnaaah certificates are supposed to verify identities. This only works if there's a chain of authentications leading to a root Certification Authority such as Verisign et al.
1

gnaaah

984

8y

@ReturnVoid Self-Signed certificates also have this feature, except the CA is a small self created one.
Still don't see a security risk...
2

wigi

3

8y

Self-signed certificates are still better and safer than no certificate at all
0

slinavipuz

1177

8y

I know that letsencrypt is a new thing in town but 15 minutes of research is all that takes to fix that thing
0

blegh

69

8y

self signs are good enough for private comms between your server and your app, it's your domain, no need for any public ca.
but, definitely bad for public websites.
1

deusprogrammer

4459

8y

Self signed certs are good for dev environments and nothing else.
0

pirhanas

34

8y

Just remember that the CA's root certificate are self signed...
0

linuxxx

145468

8y

@gnaaah As far as I know, mitm attacks can be carried out on self signed certs without the users noticing. Could be wrong though
0

linuxxx

145468

8y

@Artemix I literally use it for every domain name at the moment yas

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service