Shlomo Zalman Heigh

Results 239 comments of Shlomo Zalman Heigh

> Would you be ok with me just fully deleting 5.1? Or do you prefer we keep it in with caveats?

That's a good question. I think it's valuable information...

I'd be interested to help on the subject of Secrets Management.

> BTW I think `sha384.badssl.com` and `sha512.badssl.com` expired on Friday.

That's correct. See #501

> @szh, do you know if you will be working on this?

I haven't had a chance to make this into a config option. If you want to do...

That's true for the out-of-the-box setup, but it's fairly easy to use an HTTPS proxy like HAProxy or use the [Ngrok Tunnel plugin](https://github.com/fieldOfView/OctoPrint-ngrok).

Based on some basic testing in Chrome, it seems that `navigator.wakeLock` will simply be `undefined` on non-HTTPS pages. This would be trivial to check for.

I created a draft PR, #4565. Now I need to get a dev environment working so I can test it.

@vcsjones are you still planning to work on this? Otherwise I may be able to take it.

I'd like to work on this. I should be able to get a PR in sometime this week. Can you please assign it to me?

We already have a section on [Account Lockout](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md#account-lockout). Can you elaborate on how login throttling is different?