[SECURITY] unsafeSecure() should not be used in samples

Question

[SECURITY] unsafeSecure() should not be used in samples

JLLeitschuh opened this issue 5 years ago · comments

Jonathan Leitschuh commented 5 years ago

Insecure example code leads to insecure production code

By offering "working" code that is insecure by default, you are inherently suggesting that users use insecure coding practices by default.

For example, the samples recommend the use of unsafeSecure().

This is itself a security risk to the users of a library.

Jonathan Leitschuh · Answer 1 · Wed Jul 03 2019 22:29:46 GMT+0800 (China Standard Time)

I 100% recommend adding a method like the following as simpleSecure(). (Mine is written in Kotlin, obvious this would be translated to Java)

private fun defaultSSLEngineForClient(): Func1<ByteBufAllocator, SSLEngine> {
    val clientProvider = SslContext.defaultClientProvider()
    val context = SslContextBuilder.forClient().sslProvider(clientProvider).build()

    return Func1 { buff -> context.newEngine(buff) }
}