I’ve not read this yet, just passing it along, as it looks really interesting.
I’m not affiliated in any way with this.
ETA: If anyone has read it / bought a copy, a review would be very appreciated.
I’ve not read this yet, just passing it along, as it looks really interesting.
I’m not affiliated in any way with this.
ETA: If anyone has read it / bought a copy, a review would be very appreciated.
Or like I already said… is best practice.
“Best practice” isn’t a catch-all rebuttal. Best practices are contextual. I’m keen to see your justification for encryption beyond “all sites should encrypt everything always”.
My assertion is that this isn’t necessary in this case. Why do you think that it is necessary to encrypt open-source, freely available, non-controversial site content?
The site is already available in HTTPS. Why would you even serve content non-encrypted?
If you need an education on the matter… Here you go. https://www.cloudflare.com/learning/ssl/why-use-https/
I don’t feel the need to be your teacher. You can easily google why you should always be using HTTPS. There’s numerous reason… all overwhelmingly obvious. Forget the basic “Not every ISP is an angel, and they all will collect as much information as they can get”. But I already said that… “It’s still best practice to limit sniffing.” Not sure why I need to elaborate any more on that. Very much akin to “why close your window blinds”, because nobody likes a peeping tom.
Ultimately for this specific website it’s literally changing a couple lines of code in their apache or nginx instance (or whatever proxy they’re using). It’s called best practice for a reason.