Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

One small issue: https://salaryshare.me/ does not work. Considering who this is targeted at, I wouldn't want my office mates who are my co-workers to snoop on my POST to your site. Kind of defeats the purpose.


Do your coworkers routinely sniff your network traffic?

It sounds like an awfully rude thing to do.


I don't think so, but why put them in a position where they'd be tempted? If I send out a link to the salary share pool on our internal chat, the assumption is that at least some people will go filling it out around that time. If someone gets the temptation to know exactly what's going on, they could start up a packet sniffer. OTOH, a StartSSL cert would prevent all of this from happening.


Would you be okay with the cert provided by webfaction (where the site is hosted?), for now?

https://salaryshare.me


I imagine that this will deter people from quickly starting up a packet sniffer when they share links to your site. However, how are you able to use webfaction's cert? Do they just give you their private key? Or is it just a cert that is not really signed by anyone and the common name is set to *.webfaction.com? In other words, this does not mean that you can spoof www.webfaction.com's signature, corret?


I think it's shared hosting.


Firefox throws an untrusted connection warning that this certificate belongs to another website.


It's a stopgap measure (because you have to click through the cert exception, because the domain name on the cert doesn't match the URL), but it will still encrypt the data just fine.

The warning will confuse some people (such as yourself); that's why the dev asked if it was okay.


So submit your entry from home then.


or phone.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: