Let’s say I self-host something like wefwef (Lemmy front end) locally, so I can see it on http://localhost:port on the machine where it’s running with Docker, and also on my other devices on my same local network by accessing http://192.168.something.something:port
Now, if I were to input my login credentials on that (so without HTTPS), how dangerous is this?
Your LAN router/switch will see the credentials unencrypted. An untrusted device on your network could perform ARP spoofing, pretend to be
192.168.something.something
, and intercept the credentials. Do you trust all devices on your network?It’s better practice (and simple enough) to setup HTTPS with self-signed certificates and have the browsers manually accept the cert on first connection.
I do trust the devices on my network but I guess I’ll probably look into how to setup HTTPS.
IMHO, HTTPS is not necessary in a small home network.
IMHO, HTTPS is not necessary in a small home network.
IMHO, HTTPS is not necessary in a small home network.
IMHO, HTTPS is not necessary in a small home network.