Use of an Insecure Channel - Elixir

Use of an Insecure Channel - Elixir

Need

Ensure data confidentiality and integrity during transmission

Context

  • Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
  • Usage of HTTPoison for making HTTP requests

Description

Non compliant code

        defmodule MyApp.Client do
 def send_request(data) do
 HTTPoison.post("http://example.com", data)
 end
end
        
        

The below Elixir code uses HTTPoison to send a HTTP request. Data transmitted over HTTP can be intercepted and read by anyone on the network.

Steps

  • Replace all HTTP URLs with their HTTPS counterparts.
  • If the server does not support HTTPS, configure it to do so.
  • If you do not control the server, request that the server owner enables HTTPS.

Compliant code

        defmodule MyApp.Client do
 def send_request(data) do
 HTTPoison.post("https://example.com", data)
 end
end
        
        

The below Elixir code modifies the original to use HTTPS, ensuring that data is encrypted during transmission.

References