
Couldn't someone with inside access to JetBrains potentially disable the encryption/decrypt traffic?

This feature seems designed for situations where you're working closely with a team member, presumably both on corporate-issued laptops. That's true, but I would hope you're not inviting random people off the internet to do pair programming with you. I guess you need to decide for yourself whether you trust employees of JetBrains to see your local IP address, username and project name, but if not, then you probably shouldn't have installed their IDE in the first place.

They do say later on "the host communicates with the JetBrains server over TLS1.2+". When they say "without encryption" I think they mean that your IDE shares this with the JetBrains server, not that this info is pasted publicly on pastebin for everyone to see. Maybe your username and project name could be considered sensitive. Unless your dev workstation is internet-facing (i.e. you've port-forwarded it through your router), I wouldn't worry about the IP part.

JetBrains says that the connections are end-to-end encrypted, but since they own the plugin client and the servers through which the sessions are relayed (unless you pay for the on-prem license), couldn't someone with inside access to JetBrains potentially disable the encryption/decrypt traffic?

Are there any other security concerns I should be worried about?

You don’t want your data to be transferred via JetBrains servers, you

Couldn't local IP addresses and OS usernames be used by a hacker to attempt remote desktop connections?

Also, the fact that the plugin can give guest users IDE terminal access on the host user's computer (depending on the permissions set by the session host user) seems concerning, as it could potentially give an attacker access to the larger file system.

Session, the host communicates with the JetBrains server over TLS1.2+.

Code With Me communicates through an open source distributed protocol created by JetBrains, and uses TLS 1.3 for end-to-end encryption.

Project names, and the operating system username are shared without encryption as they are used for letting JetBrains establish a session between the host and a guest.

Otherwise, the end-to-end encryption is potentially susceptible to person-in-the-middle attacks.
When the host and the guest verify that the generated PIN code matches

Your project and solution data is transferred through JetBrains

How is data transferred through JetBrains servers?


I've been looking into this very useful remote pair programming plugin from JetBrains called Code With Me, but want to understand all the security implications.
