Just as anyone who can spoof DNS entries could swap some other theoretical Pow i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sstephenson on April 7, 2011 \| parent \| context \| favorite \| on: Introducing Pow, a zero-configuration Rack server ... Just as anyone who can spoof DNS entries could swap some other theoretical Pow installer with a malicious one. I'm not seeing how Pow's installation process is any less secure than, say, downloading a disk image from a random site.

michaelfairley on April 7, 2011 [–]

Not if it's served over SSL.

tesseract on April 7, 2011 | | [–]

That has nothing to do with whether the installer is a shell script or a binary.

wlll on April 7, 2011 | | [–]

This comment is a repeat, but that may not necessarily be true:

http://www.imperialviolet.org/2011/03/18/revocation.html

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact