Website sends Azure storage account access keys over unencrypted HTTP connection.
saschagottfried opened this issue · 1 comments
I am pretty sure you are aware of this. Why would a web developer offer a service in such an insecure way? The least you could have done is to notify potential users about this security aspect. Then they could choose whether to use your service. I am not aware of any notes regarding this, either on the website or on the GitHub project page.
I forked your project and deployed it using the "Deploy to Azure" button. I was pretty surprised to find that Azure websites have SSL endpoints out of the box.
A more secure solution just needs a couple of minutes. Please update the link on your website to use HTTPS. Thank you for creating this tool.
A more complete approach would disable the HTTP endpoint or force HTTPS too. Given that the link to your website is spread over the internet, a redirection could help.
Hi, first of all, let me tell you I'm not a "web developer"; I created this project a long time ago while learning about Azure Storage.
I was aware of the "security breach", but actually I never thought it'd get so "popular"; 10 forks is pretty popular if you ask me.
So yes, I will fix it or take your pull request in.
Thanks for the comment