Use of an Insecure Channel - Elixir

Use of an Insecure Channel - Elixir

Need

Ensure data confidentiality and integrity during transmission

Context

Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
Usage of HTTPoison for making HTTP requests

Description

Non compliant code

        defmodule MyApp.Client do
 def send_request(data) do
 HTTPoison.post("http://example.com", data)
 end
end

The below Elixir code uses HTTPoison to send a HTTP request. Data transmitted over HTTP can be intercepted and read by anyone on the network.

Steps

Replace all HTTP URLs with their HTTPS counterparts.
If the server does not support HTTPS, configure it to do so.
If you do not control the server, request that the server owner enables HTTPS.

Compliant code

        defmodule MyApp.Client do
 def send_request(data) do
 HTTPoison.post("https://example.com", data)
 end
end

The below Elixir code modifies the original to use HTTPS, ensuring that data is encrypted during transmission.

References

022. Use of an insecure channel