Possible insecure gRPC server: grpc.NewServer(grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{MinTime: 5 * time.Second}))
230 httpListener = mux.Match(cmux.HTTP1())
231 }
232
233 grpcServer := grpc.NewServer(234 // Allow clients send consecutive pings in every 5 seconds.
235 // The default value of MinTime is 5 minutes,
236 // which is too long compared with 10 seconds of TiKV's pd client keepalive time.
Description
gRPC is designed to work with various authentication mechanisms, making it easy to use gRPC to talk to other systems. It is recommended to use the supported authentication mechanisms to shield against multiple types of attacks (e.g., MITM - Man in the Middle Attack).
Bad practice
_ = grpc.NewServer()
Recommended
_ = grpc.NewServer(grpc.Creds(credentials.NewClientTLSFromCert(...)))