13
edits
Talk:SSL Encryption: Difference between revisions
m
→The stated SSL cert fingerprints appear out of date
Wikieditor (talk | contribs) (SSL Key Changed, Never Documented?) |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
The stated SSL cert fingerprints appear out of date | == The stated SSL cert fingerprints appear out of date == | ||
Notary Lookup for: anidb.net:443,2 | Notary Lookup for: anidb.net:443,2 | ||
| Line 32: | Line 32: | ||
start: 1272957972 - Tue May 04 2010 | start: 1272957972 - Tue May 04 2010 | ||
end: 1303542973 - Sat Apr 23 2011 | end: 1303542973 - Sat Apr 23 2011 | ||
: The entire article should be updated in light of the December, 2015 change to Let's Encrypt certificates, including a mention of issues with certain subdomains not using those certificates and use of HSTS header / browser recall of HTTPS for all anidb subdomains. [[User:Belove|Belove]] ([[User talk:Belove|talk]]) 11:47, 23 January 2016 (UTC) | |||
== Security? == | |||
"All requests for images, stylesheets and other page elements are NOT encrypted. Such requests should usually not be directed towards "anidb.net" but rather towards specific subdomains [and] do not include the AniDB authentication cookies and should thus not allow attackers to hijack your AniDB session." | |||
You guys are aware there are ways to use css to trick various browsers into executing scripts, and hence running code that hijacks sessions and bypasses https... right? [[User:Dantman|Dantman]] 02:23, 19 November 2012 (CET) | |||