Re: hosting lua.org

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: hosting lua.org
From: "Pierre Chapuis" <lua@...>
Date: Wed, 23 Aug 2023 16:17:11 +0200

On Wed, Aug 23, 2023, at 14:22, Jonathan Goble wrote:

And this is unquestionably a bug on the site itself. There is zero excuse for serving invalid certificates.

If the site does not want to be accessible over HTTPS (and I'll refrain from adding to the argument against that even though every bone in my body wants to), then at the ABSOLUTE BARE MINIMUM it should not listen on port 443 at all - i.e. accessing https://lua-users.org should return a simple 404 error, not a security warning.

While I agree with this... This is hardly the main "security" issue with this wiki.

Did you notice that any page can be edited by anyone with no registration at all? :)

Pierre Chapuis

Follow-Ups:
- Re: hosting lua.org, Mouse

References:
- Re: hosting lua.org, Rob Kendrick
- Re: hosting lua.org, Paul Ducklin
- Re: hosting lua.org, Jonathan Goble

Prev by Date: Re: hosting lua.org
Next by Date: Re: hosting lua.org
Previous by thread: Re: hosting lua.org
Next by thread: Re: hosting lua.org
Index(es):
- Date
- Thread