liunian / crypto-js

Automatically exported from code.google.com/p/crypto-js

[documentation] Add recommendation to use https #147

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Just stumbled across this project and I find it very interesting.

However, I noticed that in the project home, all examples load the JS file 
using plain HTTP.
It's true that one using this library can probably figure it out by himself, but I 
believe it would be wise to update those examples to use HTTPS instead 
(googlecode is also available under HTTPS) and perhaps add a recommendation to 
use HTTPS on *all* components of a security-sensitive web application (at least 
all components that may contain JavaScript, like HTML and JS files).

The reason is quite simple: plain HTTP is subject to man-in-the-middle attacks, 
so an attacker could easily inject malicious code into the client's browser 
(say, pretending he is code.google.com) and grab the sensitive information.

Original issue reported on code.google.com by davide.k...@gmail.com on 22 Feb 2015 at 10:06
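
The recommendation in this issue can be checked mechanically. The following is an added example, not part of the original issue or of the crypto-js project: a Node.js audit that lists every script or frame a page would fetch over plain HTTP, including relative and scheme-relative URLs that inherit an HTTP page's scheme. The hostnames, the sample markup and the function names are constructed for illustration, and the regex scan is an assumption that suits a quick audit rather than a full HTML parser.

```javascript
// Added example: find script-capable includes that travel over plain HTTP.
const TAG_RE = /<(script|iframe)\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;

// Parse the attribute text of one tag into a lower-cased name -> value map.
function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Returns one finding per resource that can be modified in transit.
// pageUrl is the address the HTML itself is served from.
function findInsecureIncludes(html, pageUrl) {
  const findings = [];
  if (new URL(pageUrl).protocol !== "https:") {
    findings.push({ tag: "document", url: pageUrl, reason: "page served over plain HTTP" });
  }
  for (const m of html.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const src = parseAttrs(m[2]).src;
    if (!src) continue; // inline script: covered by the document check above
    let resolved;
    try { resolved = new URL(src.trim(), pageUrl); } catch { continue; }
    if (resolved.protocol === "http:") {
      const reason = /^\s*http:/i.test(src)
        ? "explicit http:// URL"
        : "relative URL inherits the page's http scheme";
      findings.push({ tag, url: resolved.href, reason });
    }
  }
  return findings;
}

// Constructed sample page, not taken from the project home.
const SAMPLE = `
<script src="http://cdn.example.test/lib/aes.js"></script>
<script src='https://cdn.example.test/lib/sha256.js'></script>
<script src=//cdn.example.test/lib/md5.js></script>
<script>var inline = 1;</script>`;

console.log(findInsecureIncludes(SAMPLE, "https://app.example.test/login"));
console.log(findInsecureIncludes(SAMPLE, "http://app.example.test/login"));
```
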