import requests

def fetch_version(request):
    """Fetch version of bgmi."""
    version = requests.get(
        # Flagged: verify=False disables certificate validation.
        "https://pypi.python.org/pypi/bgmi/json", verify=False
    ).json()["info"]["version"]
    return version
Disabling certificate validation for HTTP requests leaves the application vulnerable to man-in-the-middle attacks.
When `requests` methods are used, certificates are validated automatically, which is the desired behavior. If certificate validation is explicitly turned off, `requests` will accept any TLS certificate presented by the server and will ignore hostname mismatches and/or expired certificates, which makes your application vulnerable to man-in-the-middle attacks.
Using TLS can greatly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS.
import requests
requests.get('https://gmail.com', verify=False) # Insecure. No certificate validation
import requests
requests.get('https://gmail.com', verify=True) # Secure. Certificate validation enabled.
requests.get('https://deepsource.io') # Secure. Certificate validation enabled by default
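One way to find this pattern across a code base is to walk the Python AST and report every HTTP-method call that passes a literal `verify=False`. This is an added example, not the analyzer's or the bgmi project's own code; the function name `find_disabled_verification` and the `SAMPLE` source (including the `example.invalid` URL) are constructed for illustration.

```python
import ast

# Method names used by requests' top-level API and by Session objects.
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

# Constructed sample: the flagged function, a safe call, and a Session call.
SAMPLE = '''\
import requests

def fetch_version(request):
    version = requests.get(
        "https://pypi.python.org/pypi/bgmi/json", verify=False
    ).json()["info"]["version"]
    return version

def fetch_ok():
    return requests.get("https://pypi.python.org/pypi/bgmi/json", verify=True)

session = requests.Session()
session.post("https://example.invalid/api", data={}, verify=False)
'''

def find_disabled_verification(source, filename="<constructed>"):
    """Return sorted (line, method) pairs for calls passing a literal verify=False."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match attribute calls such as requests.get(...) or session.post(...).
        if not (isinstance(func, ast.Attribute) and func.attr in HTTP_METHODS):
            continue
        for kw in node.keywords:
            # Only the literal False is reported; verify=<variable> needs data-flow analysis.
            if (kw.arg == "verify" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                findings.append((node.lineno, func.attr))
    return sorted(findings)

if __name__ == "__main__":
    for line, method in find_disabled_verification(SAMPLE):
        print(f"line {line}: .{method}() called with verify=False")
```

The check is syntactic: it does not catch `session.verify = False` assignments or a `verify` value passed through a variable, so treat an empty result as a first pass rather than proof.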