ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5527/impact.adoc

17 lines
824 B
Plaintext
Raw Permalink Normal View History

Modify S5527: Learn-As-You-Code migration (#2269) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
2023-06-28 17:11:41 +02:00
=== What is the potential impact?
Establishing trust in a secure way is a non-trivial task. When you disable
hostname validation, you are removing a key mechanism designed to build this
trust in internet communication, opening your system up to a number of
potential threats.
==== Identity spoofing
If a system does not validate hostnames, it cannot confirm the identity of
the other party involved in the communication. An attacker can exploit this by
creating a fake server and masquerading it as a legitimate one. For example,
they might set up a server that looks like your bank's server, tricking your
system into thinking it is communicating with the bank. This scenario, called
identity spoofing, allows the attacker to collect any data your system sends
to them, potentially leading to significant data breaches.
Reference in New Issue Copy Permalink