in light of recent disclosures i would not be too optimistic about
https at this point in time since if an endpoint is compromised https
will offer no real meaningfull protection in some cases. however having
said that at least there is some degree of protection against compromise
of data.
On 13/03/2017 17:08, Tony Whyman via Lazarus wrote:
Has anyone thought about supporting https on the Lazarus (and Free
Pascal) websites? Firefox, for example, is getting increasingly sniffy
about unprotected websites and for good reason.
It would also be useful to protect the svn feeds, if only to reduce
the risk of a man in the middle attack sneaking something nasty into
the source code.
Let's encrypt (https://letsencrypt.org/) seems to offer a very good
free service for https certificates where the objective is to protect
the connection and give reasonable confidence that you are talking to
the named website, so there does not seem to be a cost reason why
https is not supported.
Tony Whyman
MWA
--
_______________________________________________
Lazarus mailing list
Lazarus@lists.lazarus-ide.org
http://lists.lazarus-ide.org/listinfo/lazarus
