Re: stuck on HTTP
> Every HTTP site creates an attack surface exposing every visitor to MITM, injection, and other attacks.
Ironically of course, every HTTPS site is also by definition an HTTP site. The difference in the presence of SSL doesn't change the fact that the basic protocol is the same.
The "ironically" part therefore comes from the fact that what you say about HTTP is also true about HTTPS. As soon as you put a publicly accessible site out there you have created an attack surface exposing every visitor etc etc etc. Whether that site employs HTTP or HTTPS doesn't alter the accuracy of that statement, only the difficulty involved in exploiting the attack surface you are generously providing.
Biting the hand that feeds IT
