Description
Hello,
I am using the liqpay-sdk-python3 library and have observed two potential improvements that could enhance both the security and reliability of HTTP requests made by the library:
1. Add a Timeout Parameter: Currently, the library does not use a timeout for HTTP requests, which can lead to indefinite hangs under certain conditions. I suggest adding a default timeout to prevent this:
```python
response = requests.post(request_url, data=request_data, verify=verify, timeout=61)  # Default timeout of 61 seconds
```
2. Configurable SSL Verification: The current implementation uses verify=False in HTTP requests, which disables SSL certificate verification and exposes users to potential security risks. Making this a configurable parameter in the constructor would allow users to decide based on their security requirements:
```python
def __init__(self, public_key, private_key, host="https://www.liqpay.ua/api/", verify: bool = True):
    self.verify = verify
```
By default, I recommend setting verify=True to promote best security practices.
These changes will ensure better resource management, application stability, and enhanced security for users of the library. I believe these enhancements will make the library more robust and secure for all users.
Thank you for considering these suggestions!
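A way to check a code base for the two conditions raised in this issue, as an added example that is not part of the original issue or of the library's code: a static audit that flags `requests` calls that pass `verify=False` or omit `timeout`. The function name `audit_requests_calls` and the `SAMPLE` source are constructed for illustration.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

# Constructed sample source, not the library's actual code.
SAMPLE = '''
import requests

def call_insecure(url, data):
    return requests.post(url, data=data, verify=False)

def call_fixed(url, data, verify=True):
    return requests.post(url, data=data, verify=verify, timeout=61)
'''

def audit_requests_calls(source):
    """Return sorted (line, problem) tuples for requests.<method>() calls that
    disable certificate verification or omit a timeout."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr in HTTP_METHODS
                and isinstance(func.value, ast.Name) and func.value.id == "requests"):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        verify = kwargs.get("verify")
        # Only a literal False is flagged; a variable may be configured safely.
        if isinstance(verify, ast.Constant) and verify.value is False:
            findings.append((node.lineno, "verify=False disables certificate verification"))
        # A **kwargs splat (kw.arg is None) may carry a timeout, so skip those calls.
        has_splat = any(kw.arg is None for kw in node.keywords)
        if "timeout" not in kwargs and not has_splat:
            findings.append((node.lineno, "no timeout: call can block indefinitely"))
    return sorted(findings)

if __name__ == "__main__":
    for line, problem in audit_requests_calls(SAMPLE):
        print(f"line {line}: {problem}")
```

The check only matches calls written as `requests.<method>(...)`; calls made through a `Session` object or an aliased import need additional matching.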