undefined | Better HN

0 pointsmichaelmior9y ago0 comments

It may not be an option for you, but you could consider using a free proxy service such as Cloudflare.

0 comments

bsuh9y ago

With the caveat that while the password will be encrypted from the browser to Cloudflare, it will still be transmitted as plain text from Cloudflare to your own server if your server doesn't support HTTPS.

So it's an improvement but not entirely a fix.

Latty9y ago

Actually, Cloudflare offer you certs they sign (which wouldn't be trusted by others, but they verify), that you can use to encrypt from the server to them. You still have to trust Cloudflare, but it's not plain text from cloudflare to your server.

If you mean the case where you literally can't serve under HTTPS, it's not just getting the cert that is the problem, in most cases running a local proxy of something that will would fix it, although I accept there are cases (cheap shared hosting, I guess) where that's not an option.

jensvdh9y ago

Wouldn't he still have to install the Cloudflare certs on his server then? In that case why not get LetsEncrypt?

1 more reply

angry-hacker9y ago

Which is not really a true https, depends on your view, but the flexible plan is not encrypted to the source server as one might expect. But if it's possible to set up things that way, it is https, i guess.

bphogan9y ago

Seconding this, because this is what I do for one of my projects.

j / k navigate · click thread line to collapse