spring-microservices-v2 icon indicating copy to clipboard operation
spring-microservices-v2 copied to clipboard

Published 20 hours ago verified publisher icon in28minutes

Anti-pattern: HTTP Without TLS

Open akondasif opened this issue 4 years ago • 0 comments

Dear Colleague,

We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.

We have noticed an instance of HTTP without TLS/SSL in one of your Kubernetes manifests. The recommended practice is use of secure HTTP for each team's development and production environment. Enabling TLS ensures secure communication between cluster components. Otherwise, the communication could susceptible to man in the middle attacks.

Location:

https://github.com/in28minutes/spring-microservices-v2/blob/e83898f2b4cae01b048c2f107de95775d9de14ec/05.kubernetes/currency-conversion-service/backup/deployment-02-environment-variable-hardcoded.yaml#L31

Please use SSL/TLS to fix this misconfiguration. We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

akondasif avatar Nov 02 '21 20:11 akondasif