search

OuhscBbmc / REDCapR

R utilities for interacting with REDCap
https://ouhscbbmc.github.io/REDCapR
Other
112 stars 45 forks source link

Does REDCap_read validate the SSL #521

Open MardahlM opened 3 weeks ago

MardahlM commented 3 weeks ago

Dear REDCap R developers.

Thanks for a great package. I use it to pull down data from REDCap always.

In the REDCap API documentation, I found this text:

"One thing that is highly recommended is for your API script/program (i.e. the thing making the request to the REDCap API) to validate the SSL certificate of the REDCap web server when it makes the API request."

While I see you do something related to SSL certificates, I am not sure exactly what.

Can you confirm that redcap_read() conforms to the above security recommendation listed in REDCap?

Best regards, Maibritt

wibeasley commented 3 weeks ago

Yes, it does conform. Do these passages address your question? (Are you completing a security review?)

From the home page:

The REDCapR package includes the SSL certificate retrieved by httr::find_cert_bundle(). Your REDCap server’s identity is always verified, unless the setting is overridden (alternative certificates can also be provided).

Also see the SSL/TLS section of the Advanced REDCapR Operations vignette.