0

I am a site owner on a SPO site whose SSL certificate just expired. They are projecting one week to resolve! In the interim, how likely is it that a malicious user could access the SharePoint site's files?

12AX7
  • 310
  • 4
  • 14

1 Answers1

1

The only problem is for your real users. Many browsers and API doesn't allow to connect to an insecure site. The browser has to allow this, the API have to set the flag "allow unsafe". But: If you allow unsafe, you can't guarantee the safe connection...

Mario
  • 278
  • 2
  • 15
  • Thanks Mario for your response. Since this is a sharepoint online site, the API would not be set to "allow unsafe". Assuming that, are you saying that only users with access to that SPO site would be allowed to ever access files? Are there risks in logged in users uploading files to an insecure site? – 12AX7 May 02 '19 at 18:14
  • Yes and no: If you have a valid certificate, all connects are green. If your site is compromised in any way on the connection, the connects are "red" and by default any client warns the user. Now (with insecure certificate): all clients warn the whole time and a user has no chance to see, if the connection are compromised. The way for compromising is the same, but the chance that a user accepts a broken connection is much higher! – Mario May 02 '19 at 18:22
  • So worst case, there is a possibility of a malicious user gaining access ti files? – 12AX7 May 02 '19 at 18:40
  • The risk is the same. But with insecure certificate there is no chance to recognise this case. – Mario May 02 '19 at 18:44