New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/encryption middleware + coverage #4
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good work. But still, the connection is threatened by man-in-the-middle attacks. At least something we should consider to fix in the future
lib/core/networking/websockets/middleware/encryption_middleware.dart
Outdated
Show resolved
Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart
Outdated
Show resolved
Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart
Outdated
Show resolved
Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart
Outdated
Show resolved
Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart
Outdated
Show resolved
Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart
Show resolved
Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart
Show resolved
Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart
Show resolved
Hide resolved
test/core/networking/websockets/middleware/protocol_middleware_test.dart
Outdated
Show resolved
Hide resolved
Yes, this is vulnerable to man in the middle. The only way around this is some sort of pre-verification like trusted certificates (used to sign reply). We might include those in a later PR. |
This PR adds a middleware that establishes a secure connection between WebSocket sessions. It also bumps test coverage for
core/networking
to 100%.