Website sends Azure storage account access keys over unencrypted HTTP connection. #1
Comments
|
Hi, first of all, let me tell I'm not a "web developer", I created this project a long time ago while learning about Azure Storage. Thanks for the comment |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am pretty sure, you are aware of this. Why a web developer offers a service in such an unsecure way? The least you could have done is to notify potential users about this security aspect. Then they could choose whether they use your service. I am not aware of any notes regarding neither on the website nor on Github project page.
I forked your project, deployed using "Deploy to Azure" button. I was pretty surprised to find, that Azure websites have SSL endpoints out-of-the-box.
A more secure solution just needs a couple of minutes. Please update the link on your website to use HTTPS. Thank you for creating this tool.
A more complete approach would disable HTTP endpoint or force HTTPS too. Given that the link to your website is spread over the internet, a redirection could help.
References
The text was updated successfully, but these errors were encountered: