We love CSF, but we're concerned that no secure download is available.
Since CSF is critical to many servers' security, it could be the target of attack. Imagine a man-in-the-middle or poisoned DNS providing a modified csf.tgz. It could contain a backdoor or other nasty code that you're installing without knowing any better.
Please consider providing the download link and updates over HTTPS/SSL with a trusted cert. It would ensure that the install is coming from you.
Suggestion: HTTPS download link
Re: Suggestion: HTTPS download link
Yes, second that.
Given the very nature of this software and its perceived "reputation", it is indeed important to prevent MITM-attacks by serving the download over secure connection.
Given the very nature of this software and its perceived "reputation", it is indeed important to prevent MITM-attacks by serving the download over secure connection.
Re: Suggestion: HTTPS download link
The download links have all been updated to use ssl:
https://download.configserver.com/csf.tgz
I'm sure that Chirpy will update the auto update code to use it in the next release.
https://download.configserver.com/csf.tgz
I'm sure that Chirpy will update the auto update code to use it in the next release.
Re: Suggestion: HTTPS download link
Thank you! That's awesome 
-
ForumAdmin
- Moderator
- Posts: 1523
- Joined: 01 Oct 2008, 09:24
Re: Suggestion: HTTPS download link
This has now been added to all of our download links and upgrade code in our scripts.