Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
Exposing an API over HTTPS
Felipe Coury
3/29/2009 11:40:00 PM
Hello there,
I run a website that is written in Rails that uses the standard
authentication mechanisms, where you provide your user and password and
that gets challenged against an encrypted value.
Now I am about to expose some of the features via API, and I am thinking
about running a separate API server that would be a Sinatra app.
However, sending the user id and password over the internet doesn't seem
very secure, even though we'll be using HTTPS on the server.
One way of authentication that I always liked is the way, for instance,
GitHub handles pushes to their servers. When you give them your public
SSH RSA key, makes this machine authorized to interact as you with their
server.
Would it be possible to have something similar for this API, even using
HTTPS? What kind of approaches to this problem are known patterns on the
Ruby community? Any guidance, in terms of Gems, Articles and such would
be nice.
Thanks in advance, this forum/list has *always* been very insightful.
Best regards,
-- Felipe.
--
Posted via
http://www.ruby-...
.
1 Answer
Alan Gutierrez
3/30/2009 1:10:00 AM
0
On Mar 29, 6:39 pm, Felipe Coury <felipe.co...@gmail.com> wrote:
> One way of authentication that I always liked is the way, for instance,
> GitHub handles pushes to their servers. When you give them your public
> SSH RSA key, makes this machine authorized to interact as you with their
> server.
GitHub uses gitosis, which is a Python application built on top of
SSH. There is a "git" user and the git commands are run as that user,
so the shortest path, to mimic gitosis, would involve building on top
of SSH not HTTPS.
You should read the gitosis code.
http://eagain.net/gitweb/?p=gitosis.git...
Alan Gutierrez - alan@blogometer.com -
http://blog...
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
Exposing an API over HTTPS
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password