Use of an Insecure Channel
Need
Ensure data confidentiality and integrity during transmission
Context
- Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
- Usage of HTTPoison for making HTTP requests
Description
Non-compliant code
defmodule MyApp.Client do
  # Plain HTTP: the request body crosses the network unencrypted.
  def send_request(data) do
    HTTPoison.post("http://example.com", data)
  end
end
The Elixir code above uses HTTPoison to send an HTTP request. Data transmitted over plain HTTP is not encrypted, so it can be intercepted and read by anyone on the network.
Steps
- Replace all HTTP URLs with their HTTPS counterparts.
- If the server does not support HTTPS, configure it to do so.
- If you do not control the server, request that the server owner enable HTTPS.
Compliant code
defmodule MyApp.Client do
  # HTTPS: the request body is sent over a TLS-encrypted connection.
  def send_request(data) do
    HTTPoison.post("https://example.com", data)
  end
end
The Elixir code above modifies the original to use HTTPS, ensuring that data is encrypted during transmission.
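When the URL comes from configuration or a caller instead of a literal, the first step can be enforced in code. The following is an added example, not part of the original page: the module name `MyApp.SecureClient` and the function `validate_url/1` are hypothetical, and it assumes the same HTTPoison dependency as above.

```elixir
defmodule MyApp.SecureClient do
  @moduledoc """
  Added example (hypothetical module): refuses to send data
  unless the target is an absolute https:// URL.
  """

  # Returns {:ok, url} only for URLs with an https scheme and a host.
  def validate_url(url) when is_binary(url) do
    case URI.parse(url) do
      %URI{scheme: scheme, host: host}
      when is_binary(scheme) and is_binary(host) and host != "" ->
        # Compare case-insensitively so "HTTPS://" is accepted
        # and "HTTP://" is still rejected.
        if String.downcase(scheme) == "https" do
          {:ok, url}
        else
          {:error, {:insecure_scheme, scheme}}
        end

      _ ->
        # No scheme or no host, e.g. "example.com/path"
        {:error, :invalid_url}
    end
  end

  def validate_url(_), do: {:error, :invalid_url}

  # Sends the request only if the URL passed validation; otherwise the
  # {:error, reason} tuple from validate_url/1 is returned unchanged.
  def send_request(url, data) do
    with {:ok, checked} <- validate_url(url) do
      # follow_redirect: false keeps a server redirect from silently
      # moving the request to an http:// location.
      HTTPoison.post(checked, data, [], follow_redirect: false)
    end
  end
end
```

With this guard, `MyApp.SecureClient.send_request("http://example.com", data)` returns `{:error, {:insecure_scheme, "http"}}` without opening a connection.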