0

I use Django and Django REST Framework for REST services between my back-end and mobile client apps.

I would like to have some responses with encrypted data. I have to return some sensitive and private data to my client, and I would like to apply an additional security layer (in fact I already use SSL, but I would like to disarm some attacks (like man in the middle) where some unwanted party can see some of the data contained in my responses).

I would like to avoid this, so I thought of adding the encrypted data to my response.

Does that make sense? Is there something similar in Django REST Framework?

Safari (11,437 · 24 · 91 · 191)
  • personally I think it doesn't make sense :-), it seems you want to recreate another level of ssl encryption within your https connection – aliva Aug 17 '16 at 10:28
  • note that you can verify certificates on the user side to make sure it's not an invalid key; check this python module for example. http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification – aliva Aug 17 '16 at 10:30
  • Just add certificate pinning to the client to prevent MITM attacks. – zaph Aug 23 '16 at 01:33

1 Answer

-1

A good encryption library with various implementations is Keyczar.

What you would need to do is write a global interceptor on all incoming requests to your backend application, and when responses are sent back, they are encrypted using the Keyczar library.

On the consumer side (your mobile application) you would need to implement something similar that decrypts the responses from your backend.

BONUS: if you're not doing this already, you probably want to look at using 2-way SSL to ensure that you authenticate the client that calls your backend.

Michele Ricciardi (2,107 · 14 · 17)
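The "global interceptor that encrypts responses" described in the answer maps onto a DRF renderer. The following is an added example, not code from the question, the answer or Keyczar: it uses AES-256-GCM from the `cryptography` package in place of Keyczar, assumes `cryptography` is installed (DRF itself is optional so the module runs stand-alone; in a real project subclass `rest_framework.renderers.BaseRenderer` and list the class under `REST_FRAMEWORK["DEFAULT_RENDERER_CLASSES"]`), and shows the matching client-side decrypt and what happens when bytes are altered in transit. `DEMO_KEY`, `AAD`, `get_key` and `render_round_trip` are constructed for this example.

```python
import base64
import json
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
try:
    from rest_framework.renderers import BaseRenderer
except ImportError:  # DRF absent: keep the same render() contract on a plain class
    BaseRenderer = object

# Constructed demo key. A real deployment uses a per-device key provisioned out
# of band, never delivered inside the same HTTPS channel it is meant to protect.
DEMO_KEY = bytes(range(32))
AAD = b"ejson-v1"  # authenticated header: altering it on the wire breaks the tag

def encrypt_envelope(key: bytes, plaintext: bytes) -> dict:
    """AES-256-GCM with a fresh 96-bit nonce per response."""
    nonce = os.urandom(12)
    ct = AESGCM(key).encrypt(nonce, plaintext, AAD)
    return {"v": 1, "nonce": base64.b64encode(nonce).decode(), "ct": base64.b64encode(ct).decode()}
def decrypt_envelope(key: bytes, env: dict) -> bytes:
    """Client side. Raises InvalidTag if nonce, ciphertext or AAD were altered."""
    return AESGCM(key).decrypt(base64.b64decode(env["nonce"]), base64.b64decode(env["ct"]), AAD)
def tamper_detected(key: bytes, env: dict) -> bool:
    """True when GCM rejects the envelope (wrong key, or bytes changed in transit)."""
    try:
        decrypt_envelope(key, env)
        return False
    except InvalidTag:
        return True
def with_flipped_byte(env: dict) -> dict:
    """Copy of env with the last ciphertext byte flipped, simulating in-transit corruption."""
    ct = bytearray(base64.b64decode(env["ct"]))
    ct[-1] ^= 0x01
    return dict(env, ct=base64.b64encode(bytes(ct)).decode())

class EncryptedJSONRenderer(BaseRenderer):
    """DRF renderer: JSON-serialise `data`, then emit the AES-GCM envelope as JSON bytes."""
    media_type = "application/json"
    format = "ejson"
    def get_key(self, renderer_context):
        # Hypothetical hook: resolve the caller's device key from renderer_context["request"].
        return DEMO_KEY
    def render(self, data, accepted_media_type=None, renderer_context=None) -> bytes:
        plaintext = json.dumps(data, separators=(",", ":")).encode("utf-8")
        return json.dumps(encrypt_envelope(self.get_key(renderer_context), plaintext)).encode("utf-8")

def render_round_trip(data, key: bytes = DEMO_KEY):
    env = json.loads(EncryptedJSONRenderer().render(data))  # what the mobile client receives
    return json.loads(decrypt_envelope(key, env)), env
```

Note that this only helps against an interceptor who does not also hold the device key; it does nothing against a client that trusts a forged server certificate, which is the case certificate pinning (as suggested in the comments) addresses.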