send card tokenisation to checkout server in JOSE format #60

Open: wants to merge 1 commit into base: master

@Bloody-Badboy Bloody-Badboy commented Apr 27, 2021

Proposed changes

Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue.

Types of changes

Transfer card tokenisation details to checkout server in JOSE format instead of plain text

What types of changes does your code introduce to frames-android?

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

  • Lint and unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

Currently, the card tokenisation request is sent to checkout.com in application/json format, which is plain text and vulnerable to attack. Instead of that, send the card details in encrypted format using a JWE token with the RSA-OAEP-256 scheme and AES256 GCM symmetric encryption.
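The JWE compact serialization named in the description above (RSA-OAEP-256 key wrapping, A256GCM content encryption), as an added example built only on the JDK's JCE classes. It is not code from this pull request; the class name, the generated key pair and the card payload are constructed for illustration and do not reflect the checkout API's schema.

```java
import static java.nio.charset.StandardCharsets.*;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class JweCardTokenExample {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // RSA-OAEP-256 means SHA-256 for the OAEP digest and for MGF1; pin both, provider defaults differ.
    static final OAEPParameterSpec OAEP256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    static String encrypt(PublicKey recipient, byte[] plaintext) throws GeneralSecurityException {
        String header = B64.encodeToString("{\"alg\":\"RSA-OAEP-256\",\"enc\":\"A256GCM\"}".getBytes(UTF_8));
        byte[] cek = new byte[32], iv = new byte[12];   // fresh 256-bit key and 96-bit IV per token
        new SecureRandom().nextBytes(cek);
        new SecureRandom().nextBytes(iv);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, recipient, OAEP256);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, iv));
        gcm.updateAAD(header.getBytes(US_ASCII));       // header is authenticated, not encrypted
        byte[] out = gcm.doFinal(plaintext);            // JCE returns ciphertext followed by the 16-byte tag
        return String.join(".", header, B64.encodeToString(rsa.doFinal(cek)), B64.encodeToString(iv),
                B64.encodeToString(Arrays.copyOfRange(out, 0, out.length - 16)),
                B64.encodeToString(Arrays.copyOfRange(out, out.length - 16, out.length)));
    }

    static byte[] decrypt(PrivateKey key, String jwe) throws GeneralSecurityException {
        String[] p = jwe.split("\\.");                  // header.encryptedKey.iv.ciphertext.tag
        Base64.Decoder d = Base64.getUrlDecoder();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, key, OAEP256);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rsa.doFinal(d.decode(p[1])), "AES"),
                new GCMParameterSpec(128, d.decode(p[2])));
        gcm.updateAAD(p[0].getBytes(US_ASCII));
        byte[] ct = d.decode(p[3]), tag = d.decode(p[4]);
        byte[] in = Arrays.copyOf(ct, ct.length + tag.length);
        System.arraycopy(tag, 0, in, ct.length, tag.length);
        return gcm.doFinal(in);  // AEADBadTagException if header, IV, ciphertext or tag was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();             // stand-in for the server's key pair
        String jwe = encrypt(kp.getPublic(), "{\"number\":\"4242424242424242\"}".getBytes(UTF_8)); // constructed
        System.out.println(jwe + "\n" + new String(decrypt(kp.getPrivate(), jwe), UTF_8));
    }
}
```

A client would ship only `encrypt` and the server's public key; `decrypt` is included so the round trip can be checked locally.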

@Bloody-Badboy Bloody-Badboy requested a review from a team as a code owner December 3, 2021 16:42
@sonarqubecloud

SonarCloud Quality Gate failed.

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 1 (rating E)
  • Code Smells: 4 (rating A)
  • Coverage: no coverage information
  • Duplication: 0.0%

