
Yeah... sorry about that. We will fix it on Monday, HTTPS too. It's not good, but we tried to open the product faster!


Security should not be an afterthought. Especially not when you're trying to get me to trust my data to your platform.


You are right. But you can play with our platform this weekend, and next week we'll open-source the agent and enable security. We have some delay with SSL delivery. :(


When I see security as a second-class citizen on user-visible elements, I assume that the same philosophy was applied on the parts I can't audit, even after the front-end stuff was fixed.


Just get a free cert from StartSSL while you wait for your other cert to go through. It's better than nothing.

Asking people on HN to send their passwords in the clear is suicide.


I, for one, ain't playin' with anything you build. You ain't coming close to having sudo on any of my machines if I can help it.

This shit with "enable security" as an afterthought has to stop.


I agree. Basically makes me distrust the whole thing inside and out; who knows what other bs engineering practices were used in non-visible parts of the stack? Shipping is great, but please don't ship insecure stuff as a product you want customers to use. Please.


We have enabled HTTPS. THX for your comments.

Next: installer update. Give us a few minutes.


Great. Glad to see you're taking this seriously and hopefully it is a good lesson learned for the future!


Here: https://www.ssllabs.com/ssltest/analyze.html?d=app.lastbacke...

Overall Rating: C

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.


That attitude might work for a social network for cats, but it's not going to fly if you're asking users to trust you with their production servers.


Fair enough. Regardless, congrats on the release.


You can get HTTPS for free (and hassle-free) if you use Cloudflare as your DNS server. Disclaimer: I am doing this publicity as a happy customer, without earning anything in return.


It's a bit more than DNS. It's sending all of your traffic through Cloudflare, and they cache content/act as a CDN. But they can theoretically inspect/modify all traffic.



