danielvijge
commented
3 years ago Is there any advantage of downloading over HTTPS from the point of LMS?
Closed mavit closed 3 years ago
danielvijge
commented
3 years ago Is there any advantage of downloading over HTTPS from the point of LMS?
mavit
commented
3 years ago If we download plugins over HTTP, a man in the middle can have us execute arbitrary code.
To put it another way, is there an advantage of downloading over HTTP nowadays?
mavit
commented
3 years ago If we download plugins over HTTP, a man in the middle can have us execute arbitrary code.
On second thoughts the SHA1 checksum probably mostly covers us for now, although I understand that SHA1 is looking pretty shaky these days.
Working SSL is required for the plugin, and many of these links already redirect to HTTPS anyway.