client: i want to make an e-commerce site.
.
.
developer: how much are you willing to spend?
client: i'm on a tight budget, as cheap/low as possible.
.
.
web development on a budget y'all :------)

Yes ! https://www.cloudflare.com/
*I think he means without paying for SSL certificate*

Wait a minute,
Can’t afford ssl, I’d hate to see the Security measures for data then 😳

@C0D4
Developer : huh? What's security?

Check out "let's encrypt"

https://letsencrypt.org/

Added link

@TheBeege did you just.. patched your commit and commented it?

@TheBeege this is the perfect example of appearing to be secure... Like it's free it has to be reliable...

Sure you can... But the browser will not like you

@Dollique Are you saying that LetsEncrypt isn't secure or reliable? If so, could you provide some sources? I'm curious as it's used in a few areas I touch.

Looking for links to research and such.

How about only encrypting with RC4.
Or use your own Apache that is suseptible to Heartbleed or OPTION-Bleed.

I guess Bash had a bug too to which you could downgrade. And include a kernel with CoWRoot.

@LinusCDE when you're done create a github repository with all your root passwords. I mean, it's github, it's not like anyone is going to follow any of your repos anyway

I want enormous functionality, and you're going to do it for free, because I think you are desperate for exposure.

@Dollique So, by that logic, are you implying that FOSS isn't any good?

@xorith @datawraith
I support FOSS but one should be aware of the limitations it can have.
Here is an explanation about some problems of let'sencrypt: https://scotthelme.co.uk/lets-encry...

Is it possible to show Windows on linux?

@Dollique so, according to the article in the link, it enables bad guys using Lets Encrypt for their phising websites.
In your comment you insinuated that using the certificate for your website doesn't mean that your is secure, but that's nonsense. Your own website uses https, but you can't trust the integrity of other websites by their certificate anymore.

This is pure gold 😂😂

@Devvy I don't understand? My website? What I understand is that not every website is equally secure and that there are some things missing in the free alternatives like (CA cert). But this is just something I read and not something I can judge.

@lindows possible to open bob and vagne

@Dollique The article indicates that bad actors may use LE to legitimize their websites. It also provided a nice point as to why that's ok and how we need to solve that issue in another way.

It does not indicate that LE is any less secure or reliable as your comment would seem to indicate.

At the end of the day, use LetsEncrypt and stop the proliferation of insecure HTTP.

@xorith @Artemix Thanks for the explanation. I had in mind that some years ago there were some people claiming that free SSL should be avoided but maybe this changed.
I have one question though, why should one use paid SSL if the free ones are as secure?

@Dollique
When you want a SSL cert that is OV (organisation verified), these are the ones where the company name is on SSL icon in the browser (like paypal, eBay, etc).

The OV certs offer you the piece of mind that your on the website you think you’re on and not a phishing alternative with a very close domain name.

Or if you run several sub domains that you want to use a single SSL certificate for you need to purchase a wildcard as LetsEncrypt doesn’t support those (yet)

@Artemix
That’s why I said “yet”

I believe that’s for January, which will be great for a couple of sites I maintain.

But I’m sure the explosion of phishing sites will grow a bit quicker only having a single SSL cert to deal with.

This reminds me of when people ask artists to work for exposure.

A screenshot to a secure app will do.

He can get a self signed certificate. But a red x would appear on the lock icon.

@Dollique if you'd like some detailed information on certificates, free and otherwise, I suggest you read what Troy Hunt has to say on this subject: https://troyhunt.com/on-the-perceiv...

Let's Encrypt is a free service that gives certificates just as good as, say, Comodo DV certificates. Comodo and its like are terrified of that, because they don't and can't add any value (other than EV certificates).

You know how when you use heroku, or cloudflare, or firebase on a custom domain. You still get SSL support? They use Let's Encrypt. They've issued more than 100,000,000 certificates already. They support the newest standards of openness.

In my opinion, once they support wildcards, unless you really need greenbar there'd be no reason to use any other certificate provider.

@C0D4 LE nicht nur support wildcard, but at least got can register as many sub-/domains as you want and also add/remove them from an existing certificate.

I'm usually using 1 certificate per root domain.

It's definitely possible! Most browsers are open source, just download the source, update the strings you want to update, and compile!

@TheBeege

Opened this to comment. All my sites are powered by this.

You can always make a self-signed certificate, that Will do it for you.

Cons: it'll be red, there Will be a line through and if you hover over it, it Will say it is self-signed.

Pros: it works for School projects, it works for scamming non-it savvy people.

GL my friend!

Are you try Lets encrypt?

@Artemix doesn't letsencrypt require you to have a valid icann domain ?

I have a self signed wildcard cert for my entire *.dev TLD, something LE wouldn't let me do because the domains are ofcourse non existent.

PS I assume he meant scamming friends as in 'add a record to their hosts file.'

Sure. http://https.example.com