Application Transport Security deadline for iOS apps

Mike Bonner bonnmike at gmail.com
Mon Jul 11 16:32:06 CEST 2016


Having a pass-through would work, it just always amazes me that "increased
security" forces work arounds that in the end will decrease it.  Forcing a
developer to route all traffic through one hole in this manner so that they
can actually keep things working basically sets up a huge clearinghouse
target.  It would end up being a single point of vulnerability that in turn
compromises every single website on the back side for every single customer
using the service.  Scary.

>> You (i.e. a developer who has one of these apps that scrapes from
non-hhtp sites) could always provide a "relay" site that took https
connections, made the request to the http site and then forwarded the end
result.


More information about the use-livecode mailing list