|
|
|
|
|
|
by Argorak
4488 days ago
|
|
|
You are providing an HTTP link to git.io, so it cannot be verified whether I am connecting to the real git.io. This means an attacker can fake himself being git.io very easily (a classic man-in-the-middle attack). It doesn't matter if git.io can only shorten git urls, as git.io will never be involved in a potential attack. Using a link shortener is okay, but use one that supports HTTPS. |
|
|