Need

Ensure data confidentiality and integrity during transmission

Context

• Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications

• Usage of HTTPoison for making HTTP requests

Description

1. Non-compliant code

defmodule MyApp.Client do
  # Insecure: the request body is sent to an http:// URL, i.e. in cleartext.
  def send_request(data) do
    HTTPoison.post("http://example.com", data)
  end
end

The Elixir code above uses HTTPoison to send an HTTP request. Data transmitted over HTTP is not encrypted, so it can be intercepted and read by anyone on the network.

2. Steps

• Replace all HTTP URLs with their HTTPS counterparts.

• If the server does not support HTTPS, configure it to do so.

• If you do not control the server, request that the server owner enable HTTPS.

3. Secure code example

defmodule MyApp.Client do
  # Secure: the https:// scheme makes HTTPoison send the request over TLS.
  def send_request(data) do
    HTTPoison.post("https://example.com", data)
  end
end

The Elixir code above modifies the original to use HTTPS, ensuring that data is encrypted during transmission.