frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Ask HN: Why isn't HTTPS enough to protect your site?

1•01-_-•5h ago

Comments

jsheard•5h ago
Huh? You're gonna have to elaborate a bit.
01-_-•5h ago
why do we have to sanitize the input fields? why do we have to configure more headers? why even if we have https configured do we still have to add many other security elements?
jsheard•5h ago
Because the point of HTTPS is to prevent man in the middle attacks. It isn't supposed to do everything.
codingdave•4h ago
Take a step back and think about what security is in the first place - it is reducing the risk of people engaging in behaviors that you do not want. The list of those behaviors is not consistent between apps, although there is a large base of common concerns. HTTPS resolves one of those common concerns. No more, no less. Expecting one solution to all concerns is not a reasonable expectation.
zahlman•4h ago
The first lesson in cybersecurity (and I would imagine in real physical security as well) is that "protect your [asset]" is not well defined in a vacuum. You need to develop a threat model before you can sanely ask any questions about what actions you do or don't need to take.

HTTPS protects against one specific scenario: a third party is intercepting the communication. So it protects your users against those third parties (who might never forward the request to your site, and instead pretend to be your site; or they might spy on what they say to you or what you say back to them).

It does not protect against malicious users trying to hack your site directly, in any number of ways. Nor does it protect against people trying to hack into your server directly (bypassing the site entirely, although they might have the purpose of damaging your site). And it definitely doesn't protect against people trying to trick your users off-site, for example by sending them an email pretending to be from you.

US House Passes Bill to Assess Threats Posed by Foreign Network Routers

https://www.infosecurity-magazine.com/news/us-house-bill-security-threats/
1•transpute•1m ago•0 comments

Progressive Dehancement

https://dbushell.com/2025/05/02/progressive-dehancement/
1•azhenley•9m ago•0 comments

Mathematics, Quantum Error Correction, Cosmology, and the Hidden Hand of Evil

https://wisewolffinancial.substack.com/p/when-the-code-fails-mathematics-quantum
1•douchecoded•12m ago•0 comments

You can't prevent your last outage, no matter how hard you try

https://surfingcomplexity.blog/2025/05/04/you-cant-prevent-your-last-outage-no-matter-how-hard-you-try/
1•azhenley•12m ago•0 comments

DigitalOcean Managed Caching for Valkey

https://www.digitalocean.com/blog/introducing-managed-valkey
1•motorest•14m ago•0 comments

A Trade Breakdown

https://www.lynalden.com/may-2025-newsletter/
1•alihm•21m ago•0 comments

Detached Observations: Dequeue Phase – What Happens After You Understand?

https://smolnero.substack.com/p/detached-observations-dequeue-phase
2•edgar_ortega•21m ago•0 comments

Generative Modelling in Latent Space

https://sander.ai/2025/04/15/latents.html
1•ydnyshhh•23m ago•0 comments

CORBA: Catching The Next Wave (1997)

https://web.archive.org/web/19981205064221fw_/http://developer.netscape.com/docs/wpapers/corba/index.html
5•Lammy•28m ago•1 comments

NASA Proposal Would Shift Agency's Focus Away from Space Science

https://www.nytimes.com/2025/05/02/us/politics/trump-budget-nasa-cuts.html
11•rntn•33m ago•2 comments

Digital Archaeology, Part II

https://blondihacks.com/digital-archeology-part-ii/
3•hcrisp•36m ago•0 comments

Why are there no thunderstorms in the UK?

https://www.onepotscience.com/why-are-there-no-thunderstorms-in-the-uk/
6•sph•38m ago•1 comments

Re the Boundaries of Human Potential

https://project-genesis.webnode.nl/
2•PGenesis•39m ago•1 comments

Light-activated pacemaker is smaller than a grain of rice

https://physicsworld.com/a/light-activated-pacemaker-is-smaller-than-a-grain-of-rice/
2•EA-3167•40m ago•0 comments

The Robotics Threshold: China's Rise, America’s Reckoning

https://www.edgeofautomation.com/p/the-robotics-threshold-chinas-rise
4•otoburb•47m ago•0 comments

I'd rather read the prompt

https://claytonwramsey.com/blog/prompt/
44•claytonwramsey•47m ago•13 comments

It's time to give the AI doomsaying a rest

https://greyenlightenment.com/2025/05/03/its-time-to-give-the-ai-doomsaying-a-rest-2/
2•paulpauper•49m ago•0 comments

The complicated business of electing a Doge

https://www.theballotboy.com/electing-the-doge
13•dr_dshiv•50m ago•3 comments

Why is Windows consistently losing market share? (2024)

https://medium.com/@digital_technology_observator/why-is-windows-consistently-losing-market-share-48e8c4b5a520
4•rolph•53m ago•4 comments

'Dangerous nonsense': AI-authored books about ADHD for sale on Amazon

https://www.theguardian.com/technology/2025/may/04/dangerous-nonsense-ai-authored-books-about-adhd-for-sale-on-amazon
12•n1b0m•53m ago•0 comments

Bitcoin's Op_return War II: Code Change Could Break Bitcoin Forever? [video]

https://www.youtube.com/watch?v=Fu6dxiZSr_E
2•eddieoz•54m ago•0 comments

Nouswise: Next-Gen of Search Interfaces

https://nouswise.com/blog/how-we-are-building-next-generation-of-search-interfaces/
3•reza_1999•54m ago•0 comments

Slovenia's Unexpected Economic Success

https://www.youtube.com/watch?v=xfykRow2LD4
3•andrewstetsenko•58m ago•0 comments

Score high on renewable energy, while reducing CO₂ emissions by 2050

https://energyville.pages.dev/
2•celestiallylvd1•59m ago•0 comments

Show HN: Aye.so – Send digital letters with a 10-hour delivery delay

https://aye.so
3•heyarviind2•1h ago•1 comments

TypeScript Docs – The Modern TypeScript Documentation

https://typescriptdocs.com
7•kadarla•1h ago•1 comments

The first code deployable biological computer

https://corticallabs.com/cl1.html
3•taubek•1h ago•0 comments

Show HN: 100.st – Dev utilities I built for format conversions and encoding

https://100.st
2•abdelbkk•1h ago•0 comments

The Elements of Euclid (With Highlights)

https://elements.ratherthanpaper.com/
3•aildours•1h ago•0 comments

BBC and Agatha Christie estate respond to 'deepfake' controversy

https://mashable.com/article/agatha-christie-artificial-intelligence-deepfake-controversy-bbc-maestro
4•gnabgib•1h ago•0 comments