docs: Update Skip SSL to mention it is insecure (no-changelog) #11935
+27
−27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Most people in the n8n ecosystem seem unaware that checking the "Ignore SSL Issues" is a security hazard. [The team suggests using it to unaware users](https://community.n8n.io/t/self-signed-certificate-in-certificate-chain/20709/2), but most users just won't even know what SSL is. They have no idea of the security hazards of checking this box. This PR helps at fixing this security issue by letting people who might care about security know that checking this box *is* a security issue. (Specifically, checking this box for example allows anyone on the same wifi as a running instance to steal any such credentials it may hold by doing ARP spoofing.)
|
|
n8n-assistant
bot
added
community
|
Hey @Ten0, Thanks for the PR, We have created "GHC-513" as the internal reference to get this reviewed. One of us will be in touch if there are any changes needed, in most cases this is normally within a couple of weeks but it depends on the current workload of the team. |
Codecov ReportAttention: Patch coverage is
📢 Thoughts on this report? Let us know! |
|
Test fails seem unrelated. |
Joffcom
changed the title
|
@Ten0 the lint failed tests are related to your changes, Are you able to run the linter to resolve them? |
Joffcom
approved these changes
Nov 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes part 1 of this issue.
Looking up the forum, it looks like most people in the n8n ecosystem are unaware that checking the "Ignore SSL Issues" is a security hazard. The team suggests using it to unaware users, but most users just won't even know what SSL is.
This PR helps at fixing this security issue by letting people who might care about security know that checking this box is in fact a security issue.
(Specifically, checking "Ignore SSL issues" for example allows anyone on the same wifi as a running instance to steal any such credentials it may hold by doing ARP spoofing, and some people on the internet to steal them by doing IP spoofing or DNS spoofing.)
Review / Merge checklist
release/backport(if the PR is an urgent fix that needs to be backported)