ID: go-security/grpc-client-insecure
Language: Go
Severity: Info
Category: Security
CWE: 300
The code provided is not considered good practice and can create a security issue because it uses the `grpc.WithInsecure()` dial option when establishing a gRPC connection. `grpc.WithInsecure()` disables transport security, that is, TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer).
By disabling transport security, the code allows communication to occur over an unencrypted connection, leaving data transmitted between the client and the server exposed to eavesdropping, tampering, and other attacks. Without encryption, anyone positioned on the network path can read sensitive information such as authentication credentials, session data, or sensitive API payloads.
To protect the data in transit and the identity of the server, use transport security (TLS) for gRPC connections.
To fix the issue, modify the code to use a secure connection by providing the appropriate TLS credentials. Here is an example of how the code can be updated:
```go
// Load the server's certificate (or the CA certificate that issued it) from cert.pem.
// The empty second argument keeps the server name used for verification equal to
// the host in the dial address.
tlsCredentials, err := credentials.NewClientTLSFromFile("cert.pem", "")
if err != nil {
	// handle error
}
conn, err := grpc.Dial(address, grpc.WithTransportCredentials(tlsCredentials))
```
In this updated code, a TLS certificate is loaded from the `cert.pem` file and used to create the TLS credentials for the gRPC connection. By using `grpc.WithTransportCredentials()` instead of `grpc.WithInsecure()`, the connection is secured with TLS: the client verifies the server's certificate against `cert.pem` and the data transmitted between client and server is encrypted, mitigating the risks described above.
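A small syntactic checker for this rule, added here as an example and not part of the Datadog page or its analyzer: it parses Go source with the standard library and reports every `grpc.WithInsecure()` call. It also flags `insecure.NewCredentials()`, the newer grpc-go option that disables TLS the same way (assumed here from grpc-go, not on the page); the sample source it scans is constructed from the snippets above.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// FindInsecureGRPC parses Go source and returns a "file:line: call" entry for every
// grpc.WithInsecure() or insecure.NewCredentials() call (the latter is the newer
// grpc-go equivalent, an assumption not taken from the page). The match is syntactic only.
func FindInsecureGRPC(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []string
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		if sel, ok := call.Fun.(*ast.SelectorExpr); ok {
			if pkg, ok := sel.X.(*ast.Ident); ok {
				name := pkg.Name + "." + sel.Sel.Name
				if name == "grpc.WithInsecure" || name == "insecure.NewCredentials" {
					pos := fset.Position(call.Pos())
					findings = append(findings, fmt.Sprintf("%s:%d: %s", pos.Filename, pos.Line, name))
				}
			}
		}
		return true
	})
	return findings, nil
}

// Constructed sample: the page's non-compliant dial followed by the TLS-secured one.
const sample = `package main
func dial(address string) {
	grpc.Dial(address, grpc.WithInsecure())
	grpc.Dial(address, grpc.WithTransportCredentials(tlsCredentials))
}
`

func main() {
	findings, _ := FindInsecureGRPC("client.go", sample)
	fmt.Println(findings) // [client.go:3: grpc.WithInsecure]
}
```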
Non-compliant code example:
```go
func main() {
	// Non-compliant: WithInsecure() disables TLS, so the client neither verifies
	// the server nor encrypts the traffic it sends to it.
	conn, err := grpc.Dial(address, grpc.WithInsecure())
}
```