this post was submitted on 19 Jul 2024
175 points (98.3% liked)

Asklemmy

43939 readers
435 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] 5redie8@sh.itjust.works 5 points 4 months ago (1 children)

They used a wildcard SSL for all of their clients to transact all information.

glances at my home server setup nervously

[โ€“] foggy@lemmy.world 1 points 4 months ago* (last edited 4 months ago) (1 children)

Lol you can totally do it in a home server application. It's even okay if I'm a e-commerce store to use wildcard for example.com and shop.example.com. not a best practice, but not idiotic.

Not idiotic unless you also have a hq.example.com that forwards a port into your internal network...

...where ftp://hq.example.com takes you to an insecure password shield, and behind it is the SSL certificate, just chillin for anyone to snag and use as a key to deobfuscate all that SSL traffic, going across your network, your shop, your whole domain.

[โ€“] 5redie8@sh.itjust.works 2 points 4 months ago

oh... oh no

Well now I feel better thanks hahaha