I would confirm that when user A requests a content from server B the data can be modified by any router in between them.
And so any javascript code received from http can put user security at risk.
The same happens through tls with self signed certificate but, this time, with a fake certificate and man in the middle from attacker.
Even third parties CA may be involved but it is a bit harder so let's forget that point.
Thanks
Aucun commentaire:
Enregistrer un commentaire