I'm suggesting that site operators need to use HTTPS. It doesn't matter if you u... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		PLejeck on Oct 14, 2013 \| parent \| context \| favorite \| on: Rails' CookieStore isn't broken I'm suggesting that site operators need to use HTTPS. It doesn't matter if you use Rails, PHP, Node.js, whatever. USE HTTPS. NEVER USE HTTP. It's as simple as that. Never assume that anything transmitted over HTTP is safe, because that assumption will come back to bite you.

thibaut_barrere on Oct 14, 2013 [–]

Exactly - use force_ssl true in the case of Rails.

rmrfrmrf on Oct 14, 2013 | [–]

do you ever get a headache from sitting in this echo chamber all day?

thibaut_barrere on Oct 14, 2013 | | [–]

I'm not sure to understand (I see that you're likely using irony, but I'm not a native english speaker).

Are you suggesting not using SSL?

If not, can you clarify your point?

Thanks.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact