Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@slinavipuz spoofing/mitm is also mittagated by HTTPS
-
@jshwkxneiwbd I know that. But if all the data is public there is no point in securing it. But it is a super rare use case.
-
@slinavipuz I always go for secure by default. I think in this day and age a secure connection is simply required :)
-
@linuxxx i feel you. Secure is default no one questioned that :)
-
@slinavipuz what's the use case where public data can't be spoofed? Just because it's public why trust it?
Me: Let's grab something for dinner!
GF: Sure, but let's go somewhere safe
Me:
When you're about to do a payment and the payment form is loaded without an SSL connection/certificate... Come...
Yes please.
(The PM is pretty technical)
One day:
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
PM: Nahh.
*walks away*
Next day:
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Me: Yup!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*
It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?
undefined
cyber security
ssl