Making an Azure static website EVEN MORE secure

Remember how I was congratulating myself that I’d made my static website, that is hosted on Azure, secure? How I’d bought and uploaded an SSL certificate, and made the site only accessible via HTTPS? Well, HA! I say that, because Barry Dorrans (self-described as “Microsoft's .NET security person”) was ‘kind’ enough to point out that I hadn’t really finished the job. I hadn’t added the proper “security headers” (WTF are they?) via a web.config (wut? it’s a static site!) and that I should...


Making an Azure static website secure

One thing that’s been niggling at the back of my mind for a little while is that of making my various domains secure. Getting and installing a certificate. Making HTTPS the default. Using SSL. All that jazz, mostly triggered by the news that Chrome and Firefox are going to start shaming – er, sorry, indicating in the address bar – those sites that are not secure. But, OK, I admit it, all the stuff I’ve read just seems to point out how deeply involved it all is, how expensive, and so on. This ain...


PCPlus 315: Safe online transactions

In which I talk about how to solve the problem of communication between two entities (I talk about the archetypal Alice and Bob) so that no one else (notably, Eve) can listen in, and no one (especially Mallory) can monkey around pretending to be Alice to Bob or vice versa. (For those not in the know why these names were chosen, Alice and Bob just designate A and B, Eve is the eavesdropper and Mallory the man-in-the-middle.) I start off with DES (Data Encryption Standard), an old-fashioned encryption...