powershell/PSAvoidUsingAllowUnencryptedAuthentication

powershell/PSAvoidUsingAllowUnencryptedAuthentication is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.

Property	Value
Severity	Warning
Category	PSScriptAnalyzer
Auto-fix	No

Description

Avoid using the AllowUnencryptedAuthentication parameter of Invoke-WebRequest and Invoke-RestMethod. When using this parameter, the cmdlets send credentials and secrets over unencrypted connections. This should be avoided except for compatibility with legacy systems. For more details, see Invoke-RestMethod.

How

Avoid using the AllowUnencryptedAuthentication parameter.

Example 1

Problematic code

Invoke-WebRequest foo -AllowUnencryptedAuthentication

Correct code

Invoke-WebRequest foo

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingAllowUnencryptedAuthentication, licensed under CC BY 4.0.

Overview

Security

Correctness

Performance

Style

Labels

GPU / CUDA

PHP

PowerShell

Windows

BuildKit Rules

Hadolint Rules

ShellCheck Rules

powershell/PSAvoidUsingAllowUnencryptedAuthentication

Description

How

Example 1

Problematic code

Correct code

Source

Overview

Security

Correctness

Performance

Style

Labels

GPU / CUDA

PHP

PowerShell

Windows

BuildKit Rules

Hadolint Rules

ShellCheck Rules

Documentation Index

​Description

​How

​Example 1

​Problematic code

​Correct code

​Source

Description

How

Example 1

Problematic code

Correct code

Source