|
Re: why no update/download over https? security risk? [message #1271386 is a reply to message #1270367] |
Sat, 15 March 2014 01:36 |
|
On 03/13/2014 12:32 AM, under net wrote:
> I just noticed that the main eclipse update site:
> http://download.eclipse.org/releases/kepler/ and the main download
> sources do not use encryption (ie. not HTTPS), so anybody could MITM
> (man in the middle) my downloads and I could be running compromised
> software that steals my code or worse. It seems kind of strange to me
> that an IDE used to create all manner of software, some of it very
> sensitive, does not have any security protection for downloaded new
> software, I can understand third party plugins not having encryption
> (even though they should) but the main eclipse update site?
> Am I missing something here?
You do have the option of downloading a checksum'd version. Would that help?
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.04297 seconds