The argument I've heard against not having HTTP at all is that potentially someo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rascul on May 28, 2024 \| parent \| context \| favorite \| on: API Shouldn't Redirect HTTP to HTTPS The argument I've heard against not having HTTP at all is that potentially someone might be able to run something malicious on port 80 for that address that the admin is not aware of. People can make up their own minds if that's a good argument or not.

HL33tibCe7 on May 28, 2024 [–]

That’s a terrible argument. If someone can run something on port 80, they have root on the machine, at which point can do whatever they want (including getting rid of whatever existing process was listening on port 80 and replacing it with their own).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact