Create 277-knowledge_base--secrets_shared_with_the_client--.md
14 changes: 14 additions & 0 deletions
...markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md
@@ -0,0 +1,14 @@ | ||
Description: | ||
|
||
symmetric keys, passwords, or API secrets that are shared with the client should | ||
not be used for functions that are classified critical. | ||
|
||
Whenever a client is sucessfully targeted by a malicious attacker the integrety | ||
of these keys is no longer guaranteed. | ||
|
||
Solution: | ||
|
||
Verify that symmetric keys, passwords, or API secrets generated | ||
by or shared with clients are used only in protecting low risk secrets, | ||
such as encrypting local storage, or temporary ephemeral uses such as parameter obfuscation. | ||
Sharing secrets with clients is clear-text equivalent and architecturally should be treated as such. |
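Review bot: the Description paragraph of this hunk has two spelling errors that should be fixed before merge, `sucessfully` (successfully) and `integrety` (integrity), and its first sentence begins in lower case (`symmetric keys, passwords, or API secrets ...`) while the rest of the entry uses sentence case. The Solution paragraph could also state the reasoning the Description implies in one line, namely that once a key has been handed to a client the server must assume any copy of it may be in an attacker's hands, so such a key can never on its own prove who the caller is; that makes the "clear-text equivalent" conclusion in the last line follow directly. Minor: `temporary ephemeral uses` is redundant, `ephemeral uses` reads better.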