rspec/rules/S5527/rationale.adoc

Transport Layer Security (TLS) provides secure communication between systems
over the internet by encrypting the data sent between them. In this process,
the role of hostname validation, combined with certificate validation, is to
ensure that a system is indeed the one it claims to be, adding an extra layer
of trust and security.

When hostname validation is disabled, the client skips this critical check.
This creates an opportunity for attackers to pose as a trusted entity and
intercept, manipulate, or steal the data being transmitted.

To do so, an attacker would obtain a valid certificate
authenticating `example.com`, serve it using a different hostname, and
the application code would still accept it.
Modify S5527: Learn-As-You-Code migration (#2269) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-28 17:11:41 +02:00			`Transport Layer Security (TLS) provides secure communication between systems`
			`over the internet by encrypting the data sent between them. In this process,`
			`the role of hostname validation, combined with certificate validation, is to`
			`ensure that a system is indeed the one it claims to be, adding an extra layer`
			`of trust and security.`

			`When hostname validation is disabled, the client skips this critical check.`
			`This creates an opportunity for attackers to pose as a trusted entity and`
			`intercept, manipulate, or steal the data being transmitted.`

			`To do so, an attacker would obtain a valid certificate`
			authenticating `example.com`, serve it using a different hostname, and
			`the application code would still accept it.`