Insecure Network Communication

Why is this important?

Securing data in transit between users and your application is the most fundamental security requirement. If this control is not in place, all bets are off and attackers have many ways to attack your users.

Check out this video for a high-level explanation:

Insufficient Transport Layer Protection

Fixing Insecure Network Communication

Option A: Properly Set SSL Padding

  1. Go through the issues that GuardRails identified in the PR.
  2. Replace OPENSSL_PKCS1_PADDING:

    openssl_public_encrypt($i,$e,$k, OPENSSL_PKCS1_PADDING);

    with OPENSSL_PKCS1_OAEP_PADDING:

    # Ensure that you have a valid certificate.
    # Get free certificates at https://letsencrypt.org/
    openssl_public_encrypt($i,$e,$k, OPENSSL_PKCS1_OAEP_PADDING);

  3. Test it

  4. Ship it 🚢 and relax 🌴
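
What the padding change in step 2 means for the code around it, as an added example that is not GuardRails' own code: the decrypting side has to switch to the same constant, and the maximum plaintext size shrinks. The key pair and message are constructed here, and `oaepEncrypt` and `oaepDecrypt` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed for this example: a throwaway 2048-bit RSA key pair and message.
$privateKey = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($privateKey === false) {
    exit('Key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$publicKey = openssl_pkey_get_details($privateKey)['key']; // PEM-encoded public key
$message = 'constructed sample secret';

// Hypothetical helper: encrypt with OAEP and throw instead of ignoring a false return.
function oaepEncrypt(string $plaintext, $publicKey): string
{
    if (!openssl_public_encrypt($plaintext, $ciphertext, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('OAEP encryption failed: ' . openssl_error_string());
    }
    return $ciphertext;
}

// Hypothetical helper: the decrypting side must pass the same padding constant.
function oaepDecrypt(string $ciphertext, $privateKey): string
{
    if (!openssl_private_decrypt($ciphertext, $plaintext, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('OAEP decryption failed');
    }
    return $plaintext;
}

$ciphertext = oaepEncrypt($message, $publicKey);
echo 'OAEP round trip ok: ', var_export(oaepDecrypt($ciphertext, $privateKey) === $message, true), PHP_EOL;

// A receiver left on the old constant does not recover the message: depending on
// the OpenSSL version the call fails or returns unrelated bytes.
$ok = openssl_private_decrypt($ciphertext, $out, $privateKey, OPENSSL_PKCS1_PADDING);
echo 'Old padding recovers message: ', var_export($ok && $out === $message, true), PHP_EOL;

// OAEP with PHP's default SHA-1 digest adds 42 bytes of overhead, so a 2048-bit
// key accepts at most 214 bytes (PKCS#1 v1.5 allowed 245). Oversized input fails.
try {
    oaepEncrypt(str_repeat('A', 215), $publicKey);
} catch (RuntimeException $e) {
    echo 'Oversized plaintext rejected', PHP_EOL;
}
```

When testing in step 3, cover every `openssl_private_decrypt` call that consumes this ciphertext, since data encrypted under the old padding will not decrypt after the switch.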

More information: