
Or is it safer/better to do this by passing commands via POST/GET and formatting the response as JSON? At first look, JSON-RPC looks like just the tool for this job. But it just does not sound secure to me - exposing the application's methods to the internet etc. It is going to be read/write access without authorization - I don't want to force all the app users to register. Planning to implement it in Python, Tornado or Django.

PS Is it possible to do JSON-RPC via HTTPS? (If it is, application-specific credentials make sense.)

Lord_JABA
  • 1
    Your concern about safety exists no matter what protocol you are using. You need to authenticate your users, and then need to have them pass you their auth token so you can verify the request came from the person you authenticated. You should also be able to use this token to look up the user's role or permission, so you know what methods on your service they have access to. Pertaining to HTTPS, the answer is yes. HTTPS secures your traffic from people who would be peeking at it. HTTPS does not handle user authentication. It just makes it so that your authentication is done in a private way. – Austin Harris Aug 21 '12 at 22:20
  • 1
    HTTPS makes sense when you're transferring sensitive data like passwords and confidential data. For example, if your service doesn't share that kind of information, you can use it with HTTP. In order to keep a user authenticated, you should actually send a token with a short life. OAuth2 is one good way of doing that. If you require high confidentiality then use HTTPS; if not, HTTP is good enough. The token will expire, and even if someone sniffed the token, chances are it will expire before they can do anything with it. – Loïc Faure-Lacroix Aug 22 '12 at 10:18

0 Answers
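The approach the comments describe (a short-lived token, a role looked up from it, and a fixed set of callable methods) can be sketched as a small JSON-RPC 2.0 dispatcher. This is an added example, not code from the original post: the key, the users, the roles, the `notes` methods and the `-32001`/`-32002` error codes are all constructed for illustration, and the HTTP(S) transport in Tornado or Django is left out.

```python
import hashlib, hmac, json, time

SECRET = b"constructed-demo-key"                # assumption: server-side signing key
ROLES = {"alice": "editor", "guest": "reader"}  # constructed user -> role table
NOTES = ["first note"]                          # constructed application state
EXPOSED = {}                                    # the only functions reachable over RPC

def expose(*roles):                             # decorator: register fn for these roles
    return lambda fn: EXPOSED.setdefault(fn.__name__, (fn, roles))[0]

def _sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user, ttl=300, now=None):       # the expiry is part of the signed body
    body = f"{user}:{int((now or time.time()) + ttl)}"
    return f"{body}:{_sign(body)}"

def verify_token(token, now=None):              # returns the user name, or None
    user, exp, sig = (str(token).split(":", 2) + ["", ""])[:3]
    ok = hmac.compare_digest(sig.encode(), _sign(f"{user}:{exp}").encode())
    return user if ok and exp.isdigit() and int(exp) > (now or time.time()) else None

@expose("reader", "editor")
def list_notes():
    return list(NOTES)
@expose("editor")
def add_note(text):
    NOTES.append(str(text))
    return len(NOTES)

def err(code, msg, rid=None):
    return {"jsonrpc": "2.0", "error": {"code": code, "message": msg}, "id": rid}

def handle(raw, token, now=None):
    try:
        req = json.loads(raw)
        name, params, rid = req["method"], req.get("params", []), req.get("id")
    except (ValueError, KeyError, TypeError, AttributeError):
        return err(-32600, "Invalid Request")
    user = verify_token(token, now)
    if user is None:
        return err(-32001, "Unauthenticated", rid)   # constructed server-defined code
    fn, roles = EXPOSED.get(name, (None, ()))
    if fn is None:                                   # anything unregistered is invisible
        return err(-32601, "Method not found", rid)
    if ROLES.get(user) not in roles:
        return err(-32002, "Forbidden", rid)         # constructed server-defined code
    result = fn(**params) if isinstance(params, dict) else fn(*params)
    return {"jsonrpc": "2.0", "result": result, "id": rid}
```

Only functions registered with `expose` can be called, so a request naming any other function in the module (for example `issue_token`) gets "Method not found" rather than being executed.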