
Use of an Insecure Channel - Elixir


Need

Ensure data confidentiality and integrity during transmission


Context

  1. Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
  2. Usage of HTTPoison for making HTTP requests

Description

Insecure Code Example

defmodule MyApp.Client do
  def send_request(data) do
    # Plain http:// URL: the request is sent without TLS.
    HTTPoison.post("http://example.com", data)
  end
end

The Elixir code above uses HTTPoison to send an HTTP request. Data transmitted over plain HTTP is not encrypted, so it can be intercepted and read by anyone on the network.

Steps

  1. Replace all HTTP URLs with their HTTPS counterparts.
  2. If the server does not support HTTPS, configure it to do so.
  3. If you do not control the server, request that the server owner enables HTTPS.

Secure Code Example

defmodule MyApp.Client do
  def send_request(data) do
    # https:// URL: the request is sent over TLS.
    HTTPoison.post("https://example.com", data)
  end
end

The Elixir code above modifies the original to use HTTPS, ensuring that data is encrypted during transmission.
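The following is an added example, not code from the original page: a wrapper that makes step 1 enforceable at runtime by refusing any URL whose scheme is not https, and that states certificate verification explicitly rather than relying on library defaults. The module name MyApp.SecureClient and the error atom are hypothetical; it assumes OTP 21+ and the certifi CA bundle that ships as a hackney dependency.

```elixir
defmodule MyApp.SecureClient do
  # Hypothetical module (added example, not the page's own code).

  # TLS options handed through HTTPoison to hackney and Erlang's :ssl.
  # Depending on the hackney version, passing :ssl options can replace
  # its defaults, so peer and hostname verification are spelled out.
  defp ssl_options do
    [
      verify: :verify_peer,
      # CA bundle from certifi (assumed present as a hackney dependency).
      cacertfile: :certifi.cacertfile(),
      depth: 3,
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  @doc """
  Posts `data` to `url` only if the URL uses the https scheme and has a host.
  Returns `{:error, :https_required}` without touching the network otherwise.
  """
  def send_request(url, data) when is_binary(url) do
    case URI.parse(url) do
      %URI{scheme: "https", host: host} when is_binary(host) and host != "" ->
        # follow_redirect is left at HTTPoison's default (false), so a
        # redirect to an http:// location is returned, not followed.
        HTTPoison.post(url, data, [], ssl: ssl_options())

      _other ->
        {:error, :https_required}
    end
  end
end
```

With this wrapper, MyApp.SecureClient.send_request("http://example.com", data) returns {:error, :https_required} before any data leaves the host.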


References

  • 022 - Use of an Insecure Channel

  • Last updated: 2023/09/18