Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Andreas17

Pages: [1]
1
Almost all providers of web services with a login provides their web page with HTTPS - banks, shops etc. Even the login credentials for your forum are transmitted as clear text. So why do they invest in security which you argue as unneeded or too expensive?

I understand that security is not for free. I hope you'll find a valuable business model which allows you to provide a minimal security level to protect your product and your customers.

Kind regards,
Andreas

2
Hello

The Multi Commander is really a great tool. But unfortunately it's exposed severely for security vulnerabilities
1. Its web page uses still HTTP but not HTTPS. So no user has a chance to prove it by checking the certificate. Man-in-the-middle and many other attacks can not be detected.
2. The application is not digitally signed. A modification of the application by a malicious app cannot be detected.
Neither authentity nor authority can be proven.

Question: Are you really willing to jeopardise your great work by such silly security omissions?
That would be really a bummer.

So please fix that. https://letsencrypt.org/ offers certificates free of charge.

Thanks.

Kind regards,
Andreas


Pages: [1]