Confirmed users
19
edits
Talk:Extension Manager:Addon Update Security: Difference between revisions
Talk:Extension Manager:Addon Update Security (view source)
Revision as of 14:23, 15 September 2007
, 15 September 2007→PHP implementation
The RedBurn (talk | contribs) |
|||
| Line 64: | Line 64: | ||
There are no plans to provide such a version of the tool, firstly we can only really concentrate on one form of the tool for the time being and the simple application will be usable by the majority of authors. Secondly what you are suggesting is questionable from a security perspective since it requires you keep your cryptographic keys and passwords on a webserver. Really for what you are suggesting either one person should do the ultimate signing of the update, or simply host using ssl which is the preferred option for large scale hosting. | There are no plans to provide such a version of the tool, firstly we can only really concentrate on one form of the tool for the time being and the simple application will be usable by the majority of authors. Secondly what you are suggesting is questionable from a security perspective since it requires you keep your cryptographic keys and passwords on a webserver. Really for what you are suggesting either one person should do the ultimate signing of the update, or simply host using ssl which is the preferred option for large scale hosting. | ||
[[User:Mossop|Mossop]] | [[User:Mossop|Mossop]] | ||
As you guess, it's not a commercial site, so a paid SSL certificate is not an option.<br /> | |||
What about delivering SSL certificates signed by Mozilla (which should be added to the trusted authorities) ?<br /> | |||
I think that the price of the certificates is the main obstacle for the authors to use SSL. [[User:The RedBurn|The RedBurn]] 07:23, 15 September 2007 (PDT) | |||