-
For security, the OAuth protocol should be implemented. Right now there are no ID-tokens, leaving us open to man-in-the-middle attacks.
-
To prevent a "man in the middle attack", the communication between server and client should be encoded.
-
- [x] XSS
- [x] Password Encryption - Encrypt at db level
- [ ] Man in the middle (browser | attacker | server) - require authentication
-
Request for enhancement: a new key that can be used to sign the IDevID CSR by the Caliptra BootROM. This would be an ECDSA-P384 private key that is input as "straps" to Caliptra (same as de-obfuscatio…
-
The request to https://pypi.org/pypi/python-appimage/json should be removed because it breaks workflows when running without an internet connection.
Another reason is, that you are using ``_creat…
-
Add HTTP Strict Transport Security (HSTS) security settings to mitigate against man in the middle attacks
-
### What was the Problem?
Using HTTP to access ABS, which authenticates via Authentik (over HTTPS), throws an error on login: "SSO: The URL to the server must be https:// secured"
### Steps to Reprod…
-
Veracode Software Composition Analysis
===============================
Attribute | Details
--- | ---
Library | HttpClient
Description | The HttpClient component supports the client-sid…
-
It looks like the client is passing the username and password in clear/plain text in the headers. Anyone who can perform a man-in-the-middle attack can capture the client identity.
-
### Checklist
- [X] I have searched the [existing issues](https://github.com/streamlit/streamlit/issues) for similar issues.
- [X] I added a very descriptive title to this issue.
- [X] I have provide…