Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
burgerbrain
on Dec 21, 2010
|
parent
|
context
|
favorite
| on:
Ask HN: Why doesn't HN use SSL/HTTPS for its login...
If you can't do it properly...
amethyst
on Dec 21, 2010
[–]
It's open source, you could always donate some of your own time to do it properly...
mike-cardwell
on Dec 21, 2010
|
parent
[–]
As jbyers said, it should be trivial to stick a webserver which supports SSL in front of the app. Perhaps it would be a good idea to modify the app to add the secure flag to the cookie it sets though.
chopsueyar
on Dec 21, 2010
|
root
|
parent
[–]
Why do you care? I've already used Firesheep three times to downvote using your account.
I'll do it with this comment, too.
mike-cardwell
on Dec 21, 2010
|
root
|
parent
[–]
Cool, so what's your password then? Seeing as it doesn't matter if anyone finds it out...
chopsueyar
on Dec 22, 2010
|
root
|
parent
[–]
I only care about your session. You can keep your password, unless I brute-force it from a 37signals webapp.
mike-cardwell
on Dec 22, 2010
|
root
|
parent
[–]
Ah, so you do care enough to not share your password. So I guess the reason I care about SSL is the same reason you care about SSL.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
