[REST Ignore Certificates] Not to be used in production

Forge Component
Published on 27 Jun by Pedro Oliveira

Hi Pedro.

Please change the description of this component alerting that this component shouldn't be used in production, otherwise the server would be vulnerable to man-in-the-middle attacks.


Before you say it, I know very well that there are some use cases that make this valid (proofs of concept, lazy third-parties that just won't renew their certificates, out of sync CA stores). But the truth is, ignoring certificates takes away every security provided by HTTPS.

Solution

Great point!

You are totally right and I'll add a highly visible warning for that.
