dapr
Have gRPC over SSL by default and enforce it
Describe the proposal
We should have best practices in the core of the SDK. People developing with it should have a speed-up in developer experience but also adhere to security practices.
gRPC in the ecosystem today always utilizes the createInsecure() method which creates an unencrypted channel and exposes channel credentials. (more: https://www.trendmicro.com/en_us/research/20/h/how-unsecure-grpc-implementations-can-compromise-apis.html)
We should switch to utilizing createSsl() for several reason, but the main ones being:
- It is required for #219 (we cannot have metadata in the
createFromMetadataGeneratorif we are not using an Ssl Channel) - It's secure
Extra info can be found here as well: https://github.com/wechaty/puppet-service/issues/124 and https://github.com/wechaty/puppet-service/pull/159/files
This issue has been automatically marked as stale because it has not had activity in the last 60 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 67 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had activity in the last 60 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.