On Fri, Jan 10, 2020 at 12:48:28PM +0000, Chris Green wrote:
On Fri, Jan 10, 2020 at 12:20:25PM +0000, Laurie Brown wrote:
On 10/01/2020 11:51, Chris Green wrote:
[SNIP]
TLS?
That's the question, not the answer! :-)
It is the answer actually. I do think you're worrying too much, but as long as you control your own DNS, Let's Encrypt gives free certificates, and implementing them is trivial. If you're worried about MiM attacks, then use HTTPS.
I'm not worrying about MIM attacks, I'm asking if I *should* be worried about them! :-) I have a Let's Encrypt certificate for the site and have some of the pages on HTTPS already. I guess I can simply put everything on the HTTPS server.
Yes, I hadn't really thought about it before, all I had to do was delete the apache HTTP 'site enabled' file and it's done! :-)
It even automatically redirects HTTP request to HTTPS.
Silly me!