On 27/10/2016 00:19, Charles Warwick wrote:
You probably should care about implementing them. I can think of several
ways to exploit this situation, especially if your test servers are not on
the same private network as the developers who are accessing them.
That isn't feasible if the app developer has no control over the web servers
that they are connecting to. It is common for an app developer to have to
write an application to communicate with servers that are not under their
control. While they can recommend the server administrator to implement those
things, when it comes to demonstrating an app in a testing environment in
order to get paid, I think most developers would agree that they would prefer
to not push too hard!
This is exactly my (OP) situation. I have indeed already mentioned Let's
Encrypt to my clients - but telling that everything must halt until they mend
their ways is not an option, so I was very glad when Lyn pointed me at
libUrlSetSSLVerification.
Ben
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
