why no update/download over https? security risk? [message #1270367] |
Wed, 12 March 2014 19:09  |
Eclipse User |
|
|
|
I just noticed that the main eclipse update site: http://download.eclipse.org/releases/kepler/ and the main download sources do not use encryption (ie. not HTTPS), so anybody could MITM (man in the middle) my downloads and I could be running compromised software that steals my code or worse. It seems kind of strange to me that an IDE used to create all manner of software, some of it very sensitive, does not have any security protection for downloaded new software, I can understand third party plugins not having encryption (even though they should) but the main eclipse update site?
Am I missing something here?
|
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.08448 seconds