Go

Made by DeepSource

Audit required: Insecure gRPC server GO-S0902

Security
Major
a02 cwe-502 cwe-300 sans top 25 owasp top 10

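gRPC is designed to work with various authentication mechanisms, making it easy to use gRPC to talk to other systems. Using one of the supported authentication mechanisms is recommended to shield against multiple types of attacks, e.g., man-in-the-middle (MITM) attacks. A server created with `grpc.NewServer()` and no transport credentials accepts plaintext connections, so traffic to it is neither encrypted nor authenticated.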

Bad practice

_ = grpc.NewServer()

Recommended

_ = grpc.NewServer(grpc.Creds(credentials.NewServerTLSFromCert(...)))
