|
|
|
|
|
|
by chromic
5383 days ago
|
|
|
One of the main purposes of SSL is to prevent someone who may control the route from server to client from eavesdropping or injecting their own data, so the article assumes this situation: only the server and client are trusted. It's trivial to inject something into an unencrypted stream if you own the network, but they're saying they can slip in some arbitrary JS to an encrypted stream with about 10 minutes of work. |
|
|