igoat icon indicating copy to clipboard operation
igoat copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Key Storage Server Side: Enable HTTPS

Open ejohn20 opened this issue 6 years ago • 0 comments

Documenting a fix for this bug:

  1. Enable HTTPS on the API call.
  2. Store the key in the keychain instead of a local variable.

Can you enable both HTTP and HTTPS on this endpoint? This should be pretty easy to achieve using AWS certificate manager or . Or swap the endpoint over to an API Gateway lambda call, which supports HTTPS out of the box.

ejohn20 avatar Oct 26 '17 21:10 ejohn20