The SDKs should be compatible with pinned certificates for connecting to the Parse Servers, allowing for faster, safer deployment, particularly in small or internal deployments.
I agree with pinned certificates, though requiring this for everyone would probably be less than ideal, taking into account that this would explicitly require people to update their apps when a certificate expires/changes.
I would recommend changing the source code in place to allow this, since the change is relatively small and would also allow you to bundle any certificate you want if you are using self-hosted Parse Server.
I'm not suggesting it as the only alternative, but I'm saying it should be one to allow the use of self signed roots.
Aha, got you.
I think the ideal API would then be as an additional property on the ParseClientConfiguration class to allow for trust policy configuration.
So as to not duplicate work, is the team at Parse working on adding certificate pinning? Or is this something we should be doing to the Parse SDK as an open source project?
Any progress on this?
@nlutsenko : if you pin just the public key there is no need to update the app when a certificate expires/changes.
see here:
http://stackoverflow.com/questions/15728636/how-to-pin-the-public-key-of-a-certificate-on-ios
Would be great to see this implemented asap, all too easy for a malicious user to intercept app <-> server communication at the moment
ping
This issue has been automatically marked as stale because it has not had recent activity. If you believe it should stay open, please let us know! As always, we encourage contributions, check out the Contributing Guide
Aha, got you.
I think the ideal API would then be as an additional property on theParseClientConfigurationclass to allow for trust policy configuration.
Can you explain how to allow this trust policy in the latest SDK?
Most helpful comment
Would be great to see this implemented asap, all too easy for a malicious user to intercept app <-> server communication at the moment