Skip to main content
powershell/PSAvoidUsingAllowUnencryptedAuthentication is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.

Description

Avoid using the AllowUnencryptedAuthentication parameter of Invoke-WebRequest and Invoke-RestMethod. When using this parameter, the cmdlets send credentials and secrets over unencrypted connections. This should be avoided except for compatibility with legacy systems. For more details, see Invoke-RestMethod.

How

Avoid using the AllowUnencryptedAuthentication parameter.

Example 1

Problematic code

Correct code

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingAllowUnencryptedAuthentication, licensed under CC BY 4.0.