Open ghost opened 9 years ago
Running a security scan in early December against the source code of this project has shown that the HTTPS used in this application has been manually overridden. Apparently these overrides do not work properly. Guides to properly implementing HTTPS can be found here: https://developer.android.com/training/articles/security-ssl.html
Violations:
- /mw-android-friendica-01/src/de/wikilab/android/friendica01/TwAjax.java:125: Custom trust manager used. Remove from production
- /mw-android-friendica-01/src/de/wikilab/android/friendica01/TwAjax.java:270: Try to shift services to use HTTPS
- /mw-android-friendica-01/src/de/wikilab/android/friendica01/TwAjax.java:401: Custom SSLSocketFactory used
- /mw-android-friendica-01/src/de/wikilab/android/friendica01/TwAjax.java:402: AllowAllHostnameVerifier used, this is not a secure connection
- /mw-android-friendica-01/src/de/wikilab/android/friendica01/TwAjax.java:402: Custom HostnameVerifier used; this is not safe for production use
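For reference, an added example (not code from this project or from the reporter) of the approach the linked Android guide describes for a server whose certificate chains to a CA the device does not trust by default: trust that one CA through a `TrustManagerFactory` and leave hostname verification at the platform default. The class name `PinnedCaClient`, the keystore alias and the command-line arguments are assumptions made for the illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this illustration only.
public class PinnedCaClient {
    /** Builds an SSLContext whose trust anchors are exactly the CA certificate in caInput. */
    static SSLContext contextTrusting(InputStream caInput) throws Exception {
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caInput);

        // Empty in-memory keystore holding only the CA we decided to trust.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("server-ca", ca); // alias is arbitrary

        // The platform's own X509TrustManager still validates the chain, dates and signatures.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    /** Opens a connection that uses the given context and rejects plain-HTTP URLs. */
    static HttpsURLConnection open(URL url, SSLContext context) throws Exception {
        if (!"https".equals(url.getProtocol())) {
            throw new IllegalArgumentException("refusing non-HTTPS URL: " + url);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory());
        // No setHostnameVerifier() call: the default verifier keeps matching host name to certificate.
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the CA certificate (PEM or DER); args[1]: an https:// URL
        try (InputStream in = new FileInputStream(args[0])) {
            HttpsURLConnection conn = open(new URL(args[1]), contextTrusting(in));
            System.out.println(conn.getResponseCode() + " " + conn.getCipherSuite());
            conn.disconnect();
        }
    }
}
```

A handshake against a server whose chain does not end at the supplied CA, or whose certificate does not match the host name, fails with an `SSLHandshakeException` or `SSLPeerUnverifiedException` rather than connecting silently.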
I created an account on https://theshi.re and want to access it from my smartphone. Sadly I am getting an error that
Text:
Picture: ![ffa_https-bug](https://cloud.githubusercontent.com/assets/1837119/5028940/96563a28-6b41-11e4-9994-3965963d24cc.png)