As far as I am concerned, HTTPS by itself doesn't do miracles. It
involved more tech. Unless you can hack the global web infra, it's only
possible to change this on a local network. Wouldn't there be more
interesting targets in such situations?
Don't get me wrong, I am not trying to downplay the lack of HTTPS. But
I do understand why this has no priority whatsoever. Proper HTTPS is
more than work than running ACME to get a certificate issued. DANE,
CAA, etc.
On Tue, 2018-02-06 at 15:43 -0800, Charlie Eddy wrote:
> "Can I update the value of "hosted_button_id" and
> send you to my Paypal account ?"
>
> this
>
> is much cleaner, more logical, more formal, and more sensible than
>
> "No need to have this one https type really there isn't any
> information
> you enter on it..."
>
> On Tue, Feb 6, 2018 at 1:10 PM, Denis Fondras <openbsd@ledeuns.net>
> wrote:
>
> > > If you actually donate and click on any links there you would see
> > > it
> > > bring you to a secure page.
> > >
> >
> > But is this the right link ? Can I update the value of
> > "hosted_button_id"
> > and
> > send you to my Paypal account ?
> >
> > Denis
> >
> >
No comments:
Post a Comment