-
Notifications
You must be signed in to change notification settings - Fork 293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#moarSSL free SSL links #25
Conversation
this is free so folks should know about it. please don't use #CloudBleed to say something silly like "CloudFlare is not safe because it was hacked": https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/
@@ -57,9 +57,9 @@ You would need at least one domain for your website, one for your API, and one f | |||
|
|||
* A third domain is needed for internal use and back office. This domain would probably be registered anonymously, so it would be a little more difficult to find. | |||
|
|||
### Use SSL where possible | |||
### Use SSL/TLS/HTTPS everywhere! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this one is ok
security.md
Outdated
|
||
Use SSL anywhere possible. In your website, your API, your back office servers, and if it's not too difficult even between internal services. | ||
Use SSL anywhere possible. In your website, your API, your back office servers, and if it's not too difficult even between internal services. You can even get away with [free SSL using CloudFlare](https://www.troyhunt.com/how-to-get-your-ssl-for-free-on-shared/) for some time before you need to pay for it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AWS would give you free certs forever. What's CloudFlare value proposition here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AWS would give you free certs forever
With your own domain name? You're not talking about a shared cert are you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can get free SSL from at least StartSSL, Let's Encrypt and CloudFlare, possibly more. CloudFlare's system requires using them as your DNS server, and possibly forwarding all traffic through them, which you may not want to do (although I've used it in the past, and it is a great service).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I wrote at the bottom of the document, the vendor mentioning issue is tricky. Let's continue the discussion here #30
I will close this PR now
Need to discuss vendor issue |
@itaifrenkel Rather than closing the PR and loosing what value could have been in part, why couldn't we just propose to drop the link and leave the remainder of the improvements? |
this is free so folks should know about it.
please don't use #CloudBleed to say something silly like "CloudFlare is not safe because it was hacked": https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/