Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#moarSSL free SSL links #25

Merged
merged 3 commits into from
Mar 9, 2017
Merged

#moarSSL free SSL links #25

merged 3 commits into from
Mar 9, 2017

Conversation

cottsak
Copy link
Contributor

@cottsak cottsak commented Mar 8, 2017

this is free so folks should know about it.
please don't use #CloudBleed to say something silly like "CloudFlare is not safe because it was hacked": https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/

@cottsak
moar SSL
f79da44 
this is free so folks should know about it.
please don't use #CloudBleed to say something silly like "CloudFlare is not safe because it was hacked": https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/
@cottsak
this point needs to be driven home - SSL is critical
e109891
itaifrenkel
itaifrenkel reviewed Mar 8, 2017
View reviewed changes
security.md
@@ -57,9 +57,9 @@ You would need at least one domain for your website, one for your API, and one f

* A third domain is needed for internal use and back office. This domain would probably be registered anonymously, so it would be a little more difficult to find.

### Use SSL where possible
### Use SSL/TLS/HTTPS everywhere!
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this one is ok

itaifrenkel
itaifrenkel reviewed Mar 8, 2017
View reviewed changes
security.md Outdated

Use SSL anywhere possible. In your website, your API, your back office servers, and if it's not too difficult even between internal services.
Use SSL anywhere possible. In your website, your API, your back office servers, and if it's not too difficult even between internal services. You can even get away with [free SSL using CloudFlare](https://www.troyhunt.com/how-to-get-your-ssl-for-free-on-shared/) for some time before you need to pay for it.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWS would give you free certs forever. What's CloudFlare value proposition here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWS would give you free certs forever

With your own domain name? You're not talking about a shared cert are you?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can get free SSL from at least StartSSL, Let's Encrypt and CloudFlare, possibly more. CloudFlare's system requires using them as your DNS server, and possibly forwarding all traffic through them, which you may not want to do (although I've used it in the past, and it is a great service).

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I wrote at the bottom of the document, the vendor mentioning issue is tricky. Let's continue the discussion here #30

I will close this PR now

@itaifrenkel
Copy link

Need to discuss vendor issue

@itaifrenkel itaifrenkel closed this Mar 8, 2017
@cottsak
Copy link
Contributor Author

cottsak commented Mar 9, 2017

@itaifrenkel Rather than closing the PR and loosing what value could have been in part, why couldn't we just propose to drop the link and leave the remainder of the improvements?

@itaifrenkel itaifrenkel reopened this Mar 9, 2017
@itaifrenkel itaifrenkel merged commit 25ff31d into forter:master Mar 9, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rjmunro rjmunro rjmunro left review comments

@itaifrenkel itaifrenkel itaifrenkel left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cottsak @itaifrenkel @rjmunro