Worst security bug/feature you've seen? - devRant

Ranter

Comments

1

gnaaah

983

9y

They are annoying, but are they a security risk?
0

ReturnVoid

754

9y

@gnaaah certificates are supposed to verify identities. This only works if there's a chain of authentications leading to a root Certification Authority such as Verisign et al.
1

gnaaah

983

9y

@ReturnVoid Self-Signed certificates also have this feature, except the CA is a small self created one.
Still don't see a security risk...
2

wigi

3

9y

Self-signed certificates are still better and safer than no certificate at all
0

slinavipuz

1177

9y

I know that letsencrypt is a new thing in town but 15 minutes of research is all that takes to fix that thing
0

blegh

69

9y

self signs are good enough for private comms between your server and your app, it's your domain, no need for any public ca.
but, definitely bad for public websites.
1

deusprogrammer

4386

9y

Self signed certs are good for dev environments and nothing else.
0

pirhanas

34

9y

Just remember that the CA's root certificate are self signed...
0

linuxxx

142302

9y

@gnaaah As far as I know, mitm attacks can be carried out on self signed certs without the users noticing. Could be wrong though
0

linuxxx

142302

9y

@Artemix I literally use it for every domain name at the moment yas

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service