Forced HTTPS on web site

Andrew Savchenko bircoph at gmail.com
Fri Mar 9 14:53:06 UTC 2012


On Fri, 09 Mar 2012 15:31:53 +0100 Alexander Kriegisch wrote:
> Maybe
> it would be a good idea to either use a commercial certificate or, if
> that is too expensive, continue using the self-signed one, but only to
> log in and after you are logged in.

Commercial certificate is not necessary, CACert certificates are
acknowledged by any sane browser and may be obtained for free after
registration.

Self-signed certificate is inappropriate solution anyway, because it
provides no real security (forged server may use its own self-signed
certificate) and will be rejected by most check patterns.

Ticket about this bug was opened long time ago, by the way:
https://www.midnight-commander.org/ticket/2578

> Me personally, I know how to import a cert, but this knowledge should
> not be necessary to access your web site without being annoyed by the
> warning all the time

Users who are not able to install a certificate, should learn how to
do so. Really, I was always amused why one needs a license to drive a
car and no license to use a computer, though computers are more
complex and sophisticated than cars even considering onboard
electronics on modern cars.

Best regards,
Andrew Savchenko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.midnight-commander.org/pipermail/mc-devel/attachments/20120309/11f566a9/attachment.asc>


More information about the mc-devel mailing list