Unterhaltung

Nachrichten

1. pztrn

   What a fuck... Why do every script enforces #HSTS? What about if I want to install it somewhere on LAN with self-signed certificate??? Shouldn't HSTS be a WEBSERVER prerogative instead of application? >.< #killThoseBitches #mmnDontTakeItPersonally

   Friday, 14-Aug-15 16:29:56 UTC von sn.pztrn.name
   • windigo

     @pztrn Until the cert system is fixed, self-signed is always going to be mistaken for malicious - unless you set up your own CA & trust. :(

     Friday, 14-Aug-15 16:43:59 UTC
   • pztrn windigo

     It is not a point to enforce #HSTS on application level, anyway.

     Friday, 14-Aug-15 16:46:02 UTC
   • lnxw48 windigo

     @windigo @pztrn The #CertAuthority system cannot be fixed. It is functioning as designed. We can only hope for replacement.

     Friday, 14-Aug-15 16:51:02 UTC
   • windigo

     @pztrn I could agree with that - especially if your application lends itself to self-hosting.

     Friday, 14-Aug-15 16:52:16 UTC
   • pztrn lnxw48

     I'm not talking about CA system, which is obviously shitty and corruptioned. I'm talking about enforcing #HSTS (HTTP Scrict Transport Security) on application level, like enforcing it in PHP scripts (examples: GNU social, ownCloud). It forces …

     Friday, 14-Aug-15 16:54:21 UTC