Tuesday, November 17, 2020

CAA records work

I was setting up a new domain today and I created a CAA DNS record to only allow letsencrypt to issue certs for my domain. I then made some config changes whereby another CAA received a request to issue a cert for the domain. 

And it failed! That's awesome because that is how CAA records are supposed to work. But in my experience, most of the security bolt-ons we've developed over the years do not work. 

I can't be too happy, though. The onus is on the CAA to check for CAA records. This one did but I can't be sure all of them do, but it's a good start. 

Alternative way to write PHP $_POST data

I had a situation recently where I could not write the $_POST array to a file. During debug, I learned that the $_POST data was being saved ...