ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Suggestion: HTTPS download link

https://mail.forum.configserver.com/viewtopic.php?t=8266

Page 1 of 1

Suggestion: HTTPS download link

Posted: 20 Nov 2014, 18:30
by novawave
We love CSF, but we're concerned that no secure download is available.

Since CSF is critical to many servers' security, it could be the target of attack. Imagine a man-in-the-middle or poisoned DNS providing a modified csf.tgz. It could contain a backdoor or other nasty code that you're installing without knowing any better.

Please consider providing the download link and updates over HTTPS/SSL with a trusted cert. It would ensure that the install is coming from you.

Re: Suggestion: HTTPS download link

Posted: 10 Dec 2014, 18:20
by Zonefox
Yes, second that.

Given the very nature of this software and its perceived "reputation", it is indeed important to prevent MITM-attacks by serving the download over secure connection.

Re: Suggestion: HTTPS download link

Posted: 30 Dec 2014, 02:55
by marcele
The download links have all been updated to use ssl:
https://download.configserver.com/csf.tgz

I'm sure that Chirpy will update the auto update code to use it in the next release.

Re: Suggestion: HTTPS download link

Posted: 30 Dec 2014, 03:01
by novawave
Thank you! That's awesome :)

Re: Suggestion: HTTPS download link

Posted: 01 Jan 2015, 09:39
by ForumAdmin
This has now been added to all of our download links and upgrade code in our scripts.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited