override HTTPS certificate failure
Peter TB Brett
peter.brett at livecode.com
Wed Oct 26 03:01:11 EDT 2016
On 25/10/2016 20:41, Lyn Teyla wrote:

> 2. If the user elects to trust the certificate, save the certificate
> details received from the server during that first connection.

You've forgotten an extremely important step: train the user to be able
to distinguish a valid-but-not-trusted certificate from an invalid one.
No-one has succeeded in doing this, and research has shown that
offering users the ability to override certificate validation failures
merely trains users to ignore certificate failures.

Allowing on-demand verification-skipping is contrary to security best
practice and will expose you to risk.

- If you need to use self-signed certificates, install the relevant
certs in the certificate store on all devices that need to trust them

- If you don't care about the security of a connection, and the only way
to use HTTPS is with a certificate that you can't trust, use HTTP

- If you're prompting the user to allow them to bypass verification
(please don't), never ever trust the failed certificate permanently; not
even SSL experts reliably make the correct decisions in these scenarios.

Your company's and your customers' security depends on you deploying and
_enforcing_ security best practice.

1. Fix your SSL keys and 2. enforce verification.

Peter
--
Dr Peter Brett <peter.brett at livecode.com>
LiveCode Technical Project Manager
lcb-mode for Emacs: https://github.com/peter-b/lcb-mode