![]() ![]() For a good reference to configure TLS on Nginx (and other servers), see Recommended Server Configurations (Mozilla Wiki).Īlso, a handy tool to get a free TLS certificate is Let’s Encrypt, a free, automated, and open certificate authority (CA) provided by the Internet Security Research Group (ISRG). In general, we recommend Nginx to handle TLS. In other words, if you were using SSL before, consider upgrading to TLS. ![]() TLS is simply the next progression of SSL. You may be familiar with Secure Socket Layer (SSL) encryption. Although Ajax and POST requests might not be visibly obvious and seem “hidden” in browsers, their network traffic is vulnerable to packet sniffing and man-in-the-middle attacks. ![]() This technology encrypts data before it is sent from the client to the server, thus preventing some common (and easy) hacks. If your app deals with or transmits sensitive data, use Transport Layer Security (TLS) to secure the connection and the data. If you are, update to one of the stable releases, preferably the latest. Do not use them! If you haven’t moved to version 4, follow the migration guide.Īlso ensure you are not using any of the vulnerable Express versions listed on the Security updates page. Security and performance issues in these versions won’t be fixed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |