CRITICAL: Missing TLS - HTTP server listens without encryption

## Why is this an issue?

The API server in `cmd/api/main.go:87-88` uses `ListenAndServe()` (HTTP) instead of `ListenAndServeTLS()`. All API traffic including credentials is transmitted in plaintext.

## What is causing it?

```go
StartHTTPServer: func(s *http.Server) error {
    return s.ListenAndServe()
},
```

## How can it be solved?

Add TLS certificate configuration and use `ListenAndServeTLS(certFile, keyFile, handler)`.

## Category
- [ ] Small
- [ ] Medium
- [x] Large

## Severity
- [ ] Low
- [ ] Medium
- [ ] High
- [x] Critical

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CRITICAL: Missing TLS - HTTP server listens without encryption #667

Why is this an issue?

What is causing it?

How can it be solved?

Category

Severity

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CRITICAL: Missing TLS - HTTP server listens without encryption #667

Description

Why is this an issue?

What is causing it?

How can it be solved?

Category

Severity

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions