Comment on knowing when to trust a login page on a Cloudflare site
slazer2au@lemmy.world 7 months ago
You don’t. Assume the password is hashed server side and are sent unhashed via the TLS session that CF mitm.
Comment on knowing when to trust a login page on a Cloudflare site
slazer2au@lemmy.world 7 months ago
You don’t. Assume the password is hashed server side and are sent unhashed via the TLS session that CF mitm.
coffeeClean@infosec.pub 7 months ago
What if I am reporting a GDPR offender who (e.g.) neglected my article 15 request? If I make the assumption you are suggesting and write in my Article 77 complaint that the data controller needlessly exposes passwords to Cloudflare, and it turns out to be untrue, then my report loses credibility.
slazer2au@lemmy.world 7 months ago
You seem to make the assumption that CF is storing that level of your data. In all likelihood CF are inspecting the traffic for malicious intent and if there is nothing malicious the non metadata is dropped.
coffeeClean@infosec.pub 7 months ago
This doesn’t follow. What have I said that would imply that assumption?