You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
Genuine question on this one - but is pinning not considered an obsolete / bad practice today? I'm by no means a security expert but it was my impression that this causes more issues than it solves, and has since been essentially abandoned. Just noticed this when reviewing your security documentation (as a form of basic checklist if anything)...
Genuine question on this one - but is pinning not considered an obsolete / bad practice today? I'm by no means a security expert but it was my impression that this causes more issues than it solves, and has since been essentially abandoned. Just noticed this when reviewing your security documentation (as a form of basic checklist if anything)...
I may be wrong!
Some references I've reviewed:
https://www.digicert.com/blog/certificate-pinning-what-is-certificate-pinning
https://cheapsslsecurity.com/p/what-is-http-public-key-pinning-and-why-its-not-good/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
Maybe I'm getting confused with two different approaches.
Thanks
The text was updated successfully, but these errors were encountered: