[IPython-dev] Insecure loading of mathjax
Fernando Perez
fperez.net at gmail.com
Wed Aug 6 17:56:24 EDT 2014
On Wed, Aug 6, 2014 at 2:49 PM, Thomas Kluyver <takowl at gmail.com> wrote:
> My discussions with Mathjax developers led me to post a question on
> security.stackexchange, and I am now satisfied that what Cloudflare is
> doing with SSL certificates, although it is somewhat out of the ordinary,
> does not allow someone controlling one of those sites to MITM requests to
> another of them. So if we load Mathjax over HTTPS, we are only trusting
> mathjax.org and Cloudflare.
>
> https://github.com/mathjax/MathJax/issues/885
> http://security.stackexchange.com/q/64738/53098
>
Excellent and very informative. Thomas, many thanks for following this one
through to the end. Glad it's not a problem, but it was very useful to
understand exactly how/why.
Cheers,
f
--
Fernando Perez (@fperez_org; http://fperez.org)
fperez.net-at-gmail: mailing lists only (I ignore this when swamped!)
fernando.perez-at-berkeley: contact me here for any direct mail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140806/b4099d98/attachment.html>
More information about the IPython-dev
mailing list