On Friday, 31 July 2020 23:53:08 PDT Alexander Carôt wrote:
> Eventually we figured the ideal solution:
>
> We ordered a certificate for a sub-domain of our main domain and made the
> DNS point to localhost.
>
> This way we can address our localhost connection via
>
> localhost.ourDomain.net
>
> This works perfectly without any user interaction - thanks a lot to all of
> you for your inspiration!
>
> Of course now I have to deal with the tiny details which I will raise in
> another email in a bit :-)

I don't think this is a good idea. You might be violating the terms of service of your certificate provider by doing that. Please check with them.

I can see a big attack vector with the information you provided. Since this certificate's private key is distributed with your application, anyone who has this application can extract the private key and create a web service impersonating this domain name. If they can compromise DNS at any level leading to the user (your server, the user's ISP or locally on their machine), they can redirect traffic to this domain to their servers on the Internet. And since the certificate is trusted by the browsers, they wouldn't be able to tell something was wrong.

So PLEASE reanalyse your solution. You MUST NOT ship the private key with your application. That key must be generated on the user's machine.

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel DPG Cloud Engineering

_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
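
A release-time check for the rule stated in the reply above, added here as an example that is not part of the original thread: it scans a packaged application tree for private-key material before the package ships. The function names, file names and the sample tree are constructed for illustration, and the key bodies are placeholders.

```python
import os
import re
import tempfile

# PEM headers for private keys: PKCS#8 (plain and encrypted), PKCS#1 RSA,
# SEC1 EC, DSA and OpenSSH.
PRIVATE_KEY_RE = re.compile(
    rb"-----BEGIN (?:(?:RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----"
)
# Container formats that normally bundle a private key with its certificate.
KEYSTORE_EXTENSIONS = (".p12", ".pfx", ".jks")


def find_shipped_keys(root):
    """Return sorted (relative_path, reason) pairs for key material under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower().endswith(KEYSTORE_EXTENSIONS):
                findings.append((rel, "keystore file"))
                continue
            # Scan raw bytes: keys are often embedded in binaries or resource blobs.
            with open(path, "rb") as fh:
                data = fh.read()
            if PRIVATE_KEY_RE.search(data):
                findings.append((rel, "PEM private key"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample install tree; key bodies are placeholders, not real keys."""
    os.makedirs(os.path.join(root, "certs"))
    with open(os.path.join(root, "certs", "server.crt"), "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
    with open(os.path.join(root, "app.bin"), "wb") as fh:
        fh.write(b"\x00\x01binary" + b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n"
                 b"-----END PRIVATE KEY-----\n" + b"\x00tail")
    with open(os.path.join(root, "certs", "localhost.pfx"), "wb") as fh:
        fh.write(b"\x30\x82placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in find_shipped_keys(tmp):
            print(f"{rel}: {reason}")
```

A clean result does not prove that no key ships: a DER-encoded or otherwise transformed key carries no PEM header and is not matched by this scan.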