> I don't think this is a good idea. You might be violating the terms of > service > of your certificate provider by doing that. Please check with them.
In fact I already did - nobody has a concern about it. This traffic is completey running on localhost - so nobody apart from the user itself is affected. This approach simply shall satisfy the browser to launch the localhost websocket. Best Alex -- http://www.carot.de Email : alexan...@carot.de Tel.: +49 (0)177 5719797 > Gesendet: Sonntag, 02. August 2020 um 19:24 Uhr > Von: "Thiago Macieira" <thiago.macie...@intel.com> > An: interest@qt-project.org > Betreff: Re: [Interest] wss:// on localhost > > On Friday, 31 July 2020 23:53:08 PDT Alexander Carôt wrote: > > Eventually we figured the ideal solution: > > > > We ordered a certificate for a sub-domain of our main domain and made the > > DNS point to localhost. > > > > This way we can address our localhost connection via > > > > localhost.ourDomain.net > > > > This works perfectly without any user interaction - thanks a lot to all of > > you for you inspiration ! > > > > Of course now I have to deal with the tiny details which I will raise in > > another email in a bit :-) > > I don't think this is a good idea. You might be violating the terms of > service > of your certificate provider by doing that. Please check with them. > > I can see a big attack vector with the information you provided. Since this > certificate's private key is distributed with your application, anyone who > has > this application can extract the private key and create a web service > impersonating this domain name. If they can compromise DNS at any level > leading to the user (your server, the user's ISP or locally on their > machine), > they can redirect traffic to this domain to their servers on the Internet. > And > since the certificate is trusted by the browsers, they wouldn't be able to > tell something was wrong. > > So PLEASE reanalyse your solution. You MUST NOT ship the private key with > your > application. That key must be generated on the user's machine. > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel DPG Cloud Engineering > > > > _______________________________________________ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
