Deno: MITM attack when importing files from untrusted sources

Created on 22 Oct 2018 · 6Comments · Source: denoland/deno

The whole concern is that an attacker might change the content of a file when it is served over HTTP but not HTTPs.

A possible solution is to exit the program when an untrusted import is detected and tell the user to provide the --force flag if they are sure about what they are going to do.

Source

qti3e

👍2

Most helpful comment

using a script tag to import http is allowed.

🤔 aren't http scripts blocked in browsers when imported on a https origin?

Janpot on 14 May 2020

👍19

All 6 comments

I think we should follow the browser conventions here - using a script tag to import http is allowed.

ry on 22 Oct 2018

👍1

@ry In a web browser, there is no threat to the client, but things in a server-side runtime are a bit different and they require stricter rules, one mistake might end up a user losing all of their data.

Indeed you can't even do certain things in browsers over plain HTTP, I can name service workers as an example.

Quoting from Introduction to Service Worker | Google Developers Network:

Service workers only run over HTTPS. Because service workers can intercept network requests and modify responses, "man-in-the-middle" attacks could be very bad.

It might be related to this topic https://www.drupal.org/project/securelogin/issues/1670822

P.S: I mean writing files in Deno is like service workers in a browser, we should follow browser conventions : )

qti3e on 22 Oct 2018

👍6

I personally wouldn't be opposed to limiting remote module loading to https:// only... but that is just my opinion. I don't think we should add another security layer, just disallow it as "unsafe for code".

Of course MITM is just as viable for https:// unless you are validating that the cert is from the organisation you expect it is from! 😉 Lots of corporate firewalls these days have transparent proxies and the capability to generate b2b certs.