Certificate Pinning #1103
+1 for this task. @markuswinkler What is the daily security newsletter that you are subscribing to? I would love to know. Also, is there any short-term solution besides using the built-in ACL/CLP?
@QuynhNguyen I have different sources; Hacker News (https://news.ycombinator.com) is pretty good, also heise.de (although German). One workaround (in theory) could be to implement a cloud code test function on the server that is called via the REST interface with e.g. Alamofire (where you can pin the certificate) at a given time interval plus every time the app awakes from the background. The cloud function itself can be empty and just return success. Disadvantages of this approach:
Another workaround is to use the REST interface with Alamofire for all security-sensitive calls, but that could be prohibitively tedious depending on your architecture.
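The pinned probe call described in the comment above, as an added example that is not part of the original comment or of the Parse SDK. It uses a plain `URLSession` delegate rather than Alamofire; the class name `PinnedProbe`, the cloud function name `pinCheck` and the server URL passed in are assumptions.

```swift
import Foundation
import Security

// Hypothetical helper: calls an empty cloud function over a pinned TLS session.
final class PinnedProbe: NSObject, URLSessionDelegate {
    private let pinnedCertData: Data   // DER bytes of the server certificate shipped in the app bundle
    private let serverURL: URL         // Parse Server mount point (deployment-specific)
    private let appId: String
    // Note: URLSession keeps a strong reference to its delegate until it is invalidated.
    private lazy var session: URLSession =
        URLSession(configuration: .ephemeral, delegate: self, delegateQueue: nil)

    init(pinnedCertData: Data, serverURL: URL, appId: String) {
        self.pinnedCertData = pinnedCertData
        self.serverURL = serverURL
        self.appId = appId
    }

    // completion(true) only if the pin check passed and the function returned HTTP 200.
    func check(completion: @escaping (Bool) -> Void) {
        var req = URLRequest(url: serverURL.appendingPathComponent("functions/pinCheck"))
        req.httpMethod = "POST"
        req.setValue(appId, forHTTPHeaderField: "X-Parse-Application-Id")
        req.setValue("application/json", forHTTPHeaderField: "Content-Type")
        req.httpBody = Data("{}".utf8)
        session.dataTask(with: req) { _, resp, err in
            completion(err == nil && (resp as? HTTPURLResponse)?.statusCode == 200)
        }.resume()
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust else {
            completionHandler(.performDefaultHandling, nil)  // not a TLS server-trust challenge
            return
        }
        guard let trust = challenge.protectionSpace.serverTrust,
              SecTrustEvaluateWithError(trust, nil),               // normal chain validation first
              let leaf = SecTrustGetCertificateAtIndex(trust, 0),  // deprecated in iOS 15 (SecTrustCopyCertificateChain)
              (SecCertificateCopyData(leaf) as Data) == pinnedCertData
        else {
            completionHandler(.cancelAuthenticationChallenge, nil) // fail closed on any mismatch
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

A passing probe only shows that this one connection reached the pinned server; requests made by the SDK itself still use its own unpinned sessions. Pinning the leaf certificate also means shipping an app update whenever the server certificate is renewed.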
Maybe someone from the community can implement it?
This issue has been automatically marked as stale because it has not had recent activity. If you believe it should stay open, please let us know! As always, we encourage contributions, check out the Contributing Guide
@Stale It should be open (=
The SDKs should be compatible with pinned certificates for connecting to the Parse Servers, allowing for faster, safer deployment, particularly in small or internal deployments.
This issue has already been posted here but there has been no progress for over a year on this:
#799
(thanks @kingmatusevich)
My daily security newsletter is full of apps that got hacked because of a man-in-the-middle attack, which could be easily prevented if the Parse SDK allowed for certificate pinning.