On Feb 28, 4:13 am, Aaron Boodman <[email protected]> wrote: > This is cool. > > I worry about the fact that it is downloading code over HTTP. Of > course userscripts.org does this too, but the regular updates this > fires off make it easier to attack.
Technically, it doesn't fetch anything from us.o over HTTP except the length in bytes from the Content-Length header. As I said, it makes a HEAD request which always returns an empty response body. Users have to actually go to us.o to download the update themselves. I could link to a https URL, but as you said there is a certificate mismatch :/ Other userscript updaters can be seen on this group: http://userscripts.org/groups/6/scripts But I found them bloated and/or intrusive. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "greasemonkey-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/greasemonkey-users?hl=en -~----------~----~----~----~------~----~------~--~---
