Hacker News new | comments | show | ask | jobs | submit login

Another concern: modern HTTPS use SNI standard and those who sniff your traffic, can extract the hostname from this traffic, because it's not encrypted yet. So DNS sniffing is not necessary, if I understand everything correctly.

I would consider that as misuse of DNS. User id must be in request parameter or path, not in hostname.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: