Hmm, might be that I have to add an SSL certificate to my website. It's currently still http.

@ericbuijs once you do you'll need to keep refreshing it (unless you commit very long) or it will expire when you are on vacation :-)

@grumpy_developer @ericbuijs certbot can be set to autorenew certificates, very useful :)

@Kevin lol, yes I've been very lazy. But I'll change it soon. It's a promise.😀

@ericbuijs certbot + let's encrypt is really easy to set up atm


if you do not request sensible information you don't really need to use a ssl certification, however Gugl, if this does really matter something for you, might exclude your website from it search results

@daniel01 @ericbuijs … What about MITM attacks inserting malicious JavaScript that exploits a vulnerability in the browser to perform arbitrary code execution on the client's machine?

Protect your users. Use HTTPS.

An SSL will not avoid a MITM attack, it is more secure a browser extensions that disable weird javascript behavior like Privacy Badger or even uBlock origins. The Idea that your security is managed by a third in unsafe for definition.

@daniel01 Fair point; I keep forgetting that CAs are no security at all.

It prevents a trivial MITM-in-transit attack, anyway, but that's about it.

@daniel01 I'm trying to get the ActivityPub add-on in WordPress working to enable Mastodon users to comment on my blog. If I tried to contact my blog from Mastodon I got an error message that SSL was missing. Anyway I've got the certificate for the website now.

in that case you don't have choices... 😎
Sign in to participate in the conversation

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.