I’ve not read this yet, just passing it along, as it looks really interesting.

I’m not affiliated in any way with this.

ETA: If anyone has read it / bought a copy, a review would be very appreciated.

    • witten@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      6 months ago

      The site links to a site that accepts payment data. So because the author’s site is http, a MITM attacker could change the payment links from lulu.com to site-that-actually-steals-your-credit-card.com.

      That’s one huge thing https provides over http… assurance of unadulterated content, including links to sites that actually deal in sensitive data.

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      6 months ago

      The site is encrypted but you can also access the site over http. The author hasn’t configured any kind of HTTPS upgrade. This is an easily correctable oversight that a self proclaimed “self hosting expert” should have accounted for.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      Why would the lack of SSL concern you?

      Because it means my traffic to that site is in the clear. And while we’re not transacting anything sensitive necessarily. It’s still best practice to limit sniffing.

      Automatically swapping to https should be default behavior for every website.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      Why wouldn’t that concern you? That means it is totally plain text with zero verification of incoming data or encryption. It is really easy to tamper with http traffic.