Connections between the SDK and xRay are currently unprotected, which is a concern in shared network environments.
Current behaviour
Any xRay instance on the same network can connect to any app running the SDK without authentication. All data is sent in plain text over HTTP.
Expected behaviour
Add password-based connection protection. The connection should require a matching password on both the SDK and the xRay app before data is exchanged. All data sent over the wire should be encrypted based on the password to secure the communication.
Github reporter
@dumazy
Connections between the SDK and xRay are currently unprotected, which is a concern in shared network environments.
Current behaviour
Any xRay instance on the same network can connect to any app running the SDK without authentication. All data is sent in plain text over HTTP.
Expected behaviour
Add password-based connection protection. The connection should require a matching password on both the SDK and the xRay app before data is exchanged. All data sent over the wire should be encrypted based on the password to secure the communication.
Github reporter
@dumazy