On Thu, Jul 18, 2013 at 4:34 PM, Forrest L Norvell <[email protected]> wrote: > You could also just ship a certificate / CA bundle for https://myapp.lvh.me/ > and call it good.
Well that would sort of defeat the purpose of HTTPS, wouldn't it? Anyone could grab the private key from the github repo or npm tarball and use it to decrypt communications with servers configured this way. I guess it wouldn't really matter for services that are listening on localhost only but you'd definitely want to make sure nothing ends up on the Internet in this configuration. -T.C. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
