undefined | Better HN

0 pointse12e12y ago0 comments

One approach is to let one process do the ssl termination, and only that -- that raises the bar some. That process might be nginx -- running under a different uid -- or one of the many ssl-proxies.

0 comments

1 comments · 1 top-level

bigiain12y ago

I guess that's a big advantage of terminating SSL at the load balancers – dedicated hardware which is unlikely to end up with exploitable RoR/PHP or SQLi vulnerabilites – is probably somewhat less likely to lose your private TLS certs to an automated WordPress/Rails/cPanel/whatever zero-day scan...

j / k navigate · click thread line to collapse