Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/encryption middleware + coverage #4

Merged
merged 16 commits into from Jul 24, 2021
Merged

Feature/encryption middleware + coverage #4

merged 16 commits into from Jul 24, 2021

Conversation

Coronon
Copy link
Owner

@Coronon Coronon commented Jul 21, 2021

This PR adds a middleware that establishes a secure connection between WebSocket sessions. It also bumps test coverage for core/networking to 100%.

HenrikThoroe
HenrikThoroe requested changes Jul 22, 2021
View reviewed changes
Copy link
Collaborator

@HenrikThoroe HenrikThoroe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work. But still, the connection is threatened by man-in-the-middle attacks. At least something we should consider to fix in the future

lib/core/networking/websockets/middleware/encryption_middleware.dart Outdated Show resolved Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart Outdated Show resolved Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart Outdated Show resolved Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart Outdated Show resolved Hide resolved
lib/core/networking/websockets/middleware/encryption_middleware.dart Show resolved Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart Outdated Show resolved Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart Show resolved Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart Show resolved Hide resolved
test/core/networking/websockets/middleware/encryption_middleware_test.dart Show resolved Hide resolved
test/core/networking/websockets/middleware/protocol_middleware_test.dart Outdated Show resolved Hide resolved
@Coronon
Copy link
Owner Author

Coronon commented Jul 23, 2021

Yes, this is vulnerable to man in the middle. The only way around this is some sort of pre-verification like trusted certificates (used to sign reply). We might include those in a later PR.

@Coronon Coronon merged commit 5471134 into develop Jul 24, 2021
@Coronon Coronon added the enhancement New feature or request label Jul 24, 2021
@Coronon Coronon deleted the feature/encryptionMiddleware branch July 24, 2021 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HenrikThoroe HenrikThoroe HenrikThoroe approved these changes

Assignees

@HenrikThoroe HenrikThoroe

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Coronon @HenrikThoroe