Hacker News
by billyhoffman 2247 days ago
I want to be supportive, and I believe this solves a real issue, but this is giving me serious pause:

> We take security very seriously, especially when it comes to our users. This is why we offer end-to-end SHA-256 encryption

You take security seriously, but are confusing pretty basic and fundamental concepts of encrypting vs hashing.

Given that the point of this service is to expose local services to the internet, and it only provides compression benefits if I expose the plaintext traffic of my service, I'm not seeing a lot of information that gives me confidence you truly understand the importance of doing what you are doing securely and safely. Not to mention confidence to defend against what an attractive target this makes you for attackers to passively tap or pivot into your customers.
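As an added illustration of the hashing-vs-encryption distinction raised above (this is not code from the thread or from Lynk): a hash is unkeyed, fixed-length and one-way, so it can verify integrity but hides nothing; a cipher is keyed and reversible. A one-time pad with a fresh random key is used here as a minimal genuine cipher standing in for a real AEAD, and the HTTP request is a constructed sample.

```python
import hashlib
import secrets

# Constructed sample standing in for plaintext traffic sent through a tunnel.
MESSAGE = b"GET /webhook HTTP/1.1\r\nHost: demo.example\r\n\r\n"


def sha256_digest(data: bytes) -> bytes:
    """SHA-256 hash: no key, always 32 bytes, not invertible. Nothing to decrypt."""
    return hashlib.sha256(data).digest()


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: XOR with a random key of equal length (stand-in for AES-GCM etc.)."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match plaintext length")
    return bytes(k ^ p for k, p in zip(key, plaintext))


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation with the same key.
    return otp_encrypt(key, ciphertext)


def compare_properties(message: bytes) -> dict:
    """Return the observable properties that separate a hash from a cipher."""
    digest = sha256_digest(message)
    key = secrets.token_bytes(len(message))
    other_key = secrets.token_bytes(len(message))
    ciphertext = otp_encrypt(key, message)
    return {
        # Hash: anyone seeing the same input gets the same digest (integrity, not secrecy).
        "digest_identical_for_identical_inputs": sha256_digest(message) == digest,
        # Hash: output length is fixed, so the input cannot be recovered from it in general.
        "digest_is_32_bytes_regardless_of_input": len(digest) == 32 == len(sha256_digest(b"")),
        # Cipher: the wire bytes differ from the plaintext.
        "ciphertext_differs_from_plaintext": ciphertext != message,
        # Cipher: only the key holder gets the plaintext back.
        "plaintext_recovered_with_key": otp_decrypt(key, ciphertext) == message,
        "wrong_key_does_not_recover": otp_decrypt(other_key, ciphertext) != message,
        # Cipher: same plaintext under a different key looks unrelated on the wire.
        "same_plaintext_different_keys_differ": otp_encrypt(other_key, message) != ciphertext,
    }


if __name__ == "__main__":
    for name, holds in compare_properties(MESSAGE).items():
        print(f"{name}: {holds}")
```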


This was a mistake on our website, which has since been removed.

1. We'll be open sourcing our client in the coming weeks so you can check out our code yourselves.

2. We will be offering a self-hosted version which will decouple you entirely from our infrastructure and you can provide your own SSL certificates.

3. Lynk can forward traffic to your encrypted services - which of course would mean losing out on compression benefits, but Lynk is designed primarily for quick development work like testing out a Stripe or Github webhook on your local machine, or demoing your webapp to a remote client. For production use we recommend a reverse proxy or self-hosting Lynk.

The certificate at https://loopholelabs.io/ has been invalid for almost a month.
You allow the user's machine to obtain a valid certificate for a subdomain of lynk.sh? (This would seem to me the only way to accomplish E2EE, given the example of connecting over TLS to a lynk.sh host, and it also seems very unlikely.)
Why does that seem unlikely?
Thank you, this is helpful.

You could use this "for dev" and "for prod" as a marketing/business opportunity. Distinct bullet points of use cases in "For Dev" and "For Prod" sections. For prod there are also add-on options that would not make sense for dev, and could provide additional value (custom support, pre-built packages for distros, analytics on traffic/usage analytics about the tunneled services, etc.)

Good Luck