Message137806
> If you make an HTTPS connection without checking the certificate, what
> security does it add?
Well, it does prevent the most trivial class of attacks (sniffing).
That said, Python has support for certificate checking, especially in 3.2+, so you should use that. You could e.g. bundle the CACert root certificate with the distribution. |
|
Date |
User |
Action |
Args |
2011-06-07 11:16:06 | pitrou | set | recipients:
+ pitrou, loewis, fdrake, barry, techtonik, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis |
2011-06-07 11:16:05 | pitrou | set | messageid: <1307445365.99.0.689464535688.issue12226@psf.upfronthosting.co.za> |
2011-06-07 11:16:05 | pitrou | link | issue12226 messages |
2011-06-07 11:16:05 | pitrou | create | |
|