安全的Python客户端和服务器WebSocket
[英]Secure Python client & server websockets
问题描述
I'm creating an appstore for robot applications. 
我正在为机器人应用程序创建一个应用程序商店。 The setup is as follows: 设置如下:
- Robot running Linux and Python 运行Linux和Python的机器人
- API for appstore running Django Tastypie 适用于运行Django Deliciouspie的Appstore的API
- Web site with appstore communicating with the API through jQuery 具有Appstore的网站,通过jQuery与API进行通信
When a user installs an app on the web site, an API call to Django is made. 当用户在网站上安装应用程序时,将对Django进行API调用。 Then I need Django to emit a push notification to the Robot informing him that new apps are ready to be installed. 然后,我需要Django向机器人发出推送通知,通知他已经可以安装新应用了。 Then the Robot should make an API call to retrieve the new app and install it. 然后,机器人应进行API调用以检索并安装新应用。
I was thinking websockets would be the best way to solve this. 我以为websockets将是解决此问题的最佳方法。 I would need both the server and client to be written in Python. 我将需要用Python编写服务器和客户端。
The complicate things a bit the API uses key authentication. API使用密钥身份验证使事情有些复杂。 Is it possible and secure to send the key from the API to the robot using websockets? 使用websocket将密钥从API发送到机器人是否可行且安全? Should I be using HTTPS and WSS exclusively? 我应该只使用HTTPS和WSS吗?
Given the myriad of websocket implementations out there, is there anyone you can recommend for this scenario? 鉴于那里有无数的websocket实现,对于这种情况您有没有推荐的人?
1 个解决方案
解决方案1
0 2015-08-14 05:19:00
You main question, if you should use HTTPS / WSS to increase security can be answered easily: Yes, you should. 您的主要问题是,是否应该使用HTTPS / WSS来提高安全性,这很容易回答:是的,应该。
The other part of the question, which is a bit hidden, if the API key will be compromised when sent in clear text, depends on how you use the API key. 问题的另一部分有点隐蔽,如果以明文形式发送时API密钥是否被泄露,则取决于您如何使用API密钥。 Secure APIs will use a cryptographic hash over the key and the payload instead of the key in clear text. 安全API将在密钥和有效负载上使用加密哈希,而不是明文形式的密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.