dyninc / Dynect-API-Python-Library

A Python library for interacting with the Dynect Managed DNS REST API

HTTPS certificates are not checked #6

Open davidn opened 11 years ago

davidn commented 11 years ago

The library uses Python's httplib.HTTPSConnection to connect to the Dyn API endpoint. The Python documentation notes "Warning: This does not do any verification of the server’s certificate."

Without certificate verification, if an attacker is able to intercept the traffic she can read or even alter the communications.

It does not seem that httplib provides a way to do this verification. Some people have produced an HTTPSConnection wrapper to do validation. Other people recommend using pycurl.

medina commented 10 years ago

How about using requests instead?

Yes, another dependency, but it solves a number of issues including this one.

egon1024 commented 10 years ago

It's a good question. We tried very hard not to require any external libraries for this package. We might have to give in on that idea though.
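Added example, not part of the thread or of the library's code: a standard-library-only way to get a verifying connection in Python 3, where `http.client` is the successor of `httplib` and accepts an `ssl.SSLContext`. The host name and all function names are hypothetical; the unverified context is shown only to contrast it with the verified one and to let the guard reject it.

```python
import http.client
import ssl

API_HOST = "api.example.invalid"  # placeholder, not the real Dyn API endpoint


def verified_context(cafile=None):
    """Context that validates the certificate chain and the hostname."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True
    # and loads the system trust store (or cafile, if one is given).
    return ssl.create_default_context(cafile=cafile)


def unverified_context():
    """The behaviour the issue describes: encrypted, but the peer is not authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_problems(ctx):
    """List the reasons this context would accept a forged certificate."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not validated")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    return problems


def open_api_connection(host=API_HOST, ctx=None, timeout=10):
    """Build an HTTPSConnection (no network I/O yet) and refuse weak contexts."""
    ctx = ctx or verified_context()
    problems = context_problems(ctx)
    if problems:
        raise ValueError("refusing insecure TLS context: " + "; ".join(problems))
    return http.client.HTTPSConnection(host, 443, context=ctx, timeout=timeout)


if __name__ == "__main__":
    print(context_problems(verified_context()))
    print(context_problems(unverified_context()))
    print(open_api_connection().host)
```

With a verified context, a failed chain or hostname check surfaces as `ssl.SSLCertVerificationError` when the connection is first used, so callers should treat that exception as a hard failure and not retry without verification.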