SSL for discuss.px4.io?

#1

Hi there; this is my first post!

I was going through the signup flow and realized I was transmitting my password essentially over plaint text. It appears you don’t have TLS/SSL/https setup for the forum. Just wanted to make sure this was an intentional decision, or people were aware of it.

Cheers!
Jeff

#2

Yes it is fully intentionally. We don’t have anything that “serious” that would really require encrypted systems. This can be looked in future if there are more concerns.

Regards,
Jani / PX4 System admin

#3

That’s fair; I agree with you on the content side and access control not being a concern.

The concern is that a man in the middle attack would allow for relatively easy hijacking of user accounts. Sounds like you already know that and it’s not worth the hassle.

Cheers,
Jeff