Y
Hacker News
new
|
ask
|
show
|
jobs
by
woot01
3530 days ago
HTTPS does not protect you against sending data to a host owned by another company.
2 comments
aianus
3530 days ago
Yes it does, the cert presented by api.othercompany.com would not pass validation when you're trying to open a connection to api.intendedcompany.com.
link
leesalminen
3530 days ago
Correct, but they wouldn't be able to decrypt the data.
link
icebraining
3529 days ago
The data doesn't even get there, the handshake kills the connection before that.
link