include::../description.adoc[]

== Ask Yourself Whether

* Application data needs to be protected against tampering or leaks when transiting over the network.
* Application data transits over an untrusted network.
* Compliance rules require the service to encrypt data in transit.
* OS-level protections against clear-text traffic are deactivated.

There is a risk if you answered yes to any of those questions.

== Recommended Secure Coding Practices

* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:
** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``.
** Use ``++https++`` instead of ``++http++``.

It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system.

== Sensitive Code Example

[source,yaml]
----
apiVersion: batch/v1
kind: Job
metadata:
  name: curl
spec:
  template:
    spec:
      containers:
      - name: curl
        image: curlimages/curl
        command: ["curl"]
        args: ["http://example.com/"] # Sensitive
----

== Compliant Solution

[source,yaml]
----
apiVersion: batch/v1
kind: Job
metadata:
  name: curl
spec:
  template:
    spec:
      containers:
      - name: curl
        image: curlimages/curl
        command: ["curl"]
        args: ["https://example.com/"]
----


== See

include::../common/resources/documentation.adoc[]

include::../common/resources/articles.adoc[]

include::../common/resources/standards-iac.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

== Message

* Make sure that using clear-text protocols is safe here.

== Highlighting

Highlight the URL.

'''

endif::env-github,rspecator-view[]