[TIMOB-28214] Android: Remove dead "TiAuthenticator" Java code to avoid security warnings
| GitHub Issue | n/a |
|---|---|
| Type | Improvement |
| Priority | Medium |
| Status | Closed |
| Resolution | Fixed |
| Resolution Date | 2020-10-30T14:51:02.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | Release 9.3.0 |
| Components | Android |
| Labels | android, http, network, security |
| Reporter | Joshua Quick |
| Assignee | Joshua Quick |
| Created | 2020-10-29T21:42:41.000+0000 |
| Updated | 2020-11-10T11:32:27.000+0000 |
Description
*Summary:*
Our [TiAuthenticator.java](https://github.com/appcelerator/titanium_mobile/blob/master/android/modules/network/src/java/ti/modules/titanium/network/TiAuthenticator.java) class is no longer used. Its usage was removed by ticket [TIMOB-24748] in Titanium 6.1.1. We should delete this Java class.
*Note:*
This class was used for HTTP "basic authentication", which involves adding a username/password into the URL. This is not secure. So, removing this class prevents it coming up in security scan software such as Veracode.
PR (master): https://github.com/appcelerator/titanium_mobile/pull/12232
Merged to master for 9.3.0 target
Closing tickets as unit tests pass. Improvement verified in SDK version
9.3.0.v20201103024935Test and other information can be found at: https://github.com/appcelerator/titanium_mobile/pull/12232