WampSharp
WampSharp copied to clipboard
Code-Sharp
Dumb question here about WAMP
I am building a mobile application that spawns a docker container running a daemon which accepts rpc commands. I have been looking at WAMP as a way to route a daemon rpc call generated by the mobile client through the WAMP router to their daemon. For testing I have done this easily by just passing rpc creds as parameters in the WAMP procedure. I am pretty positive this is an awful idea but I don't know why and if it is an awful idea as I suspect is it possible to do it better?
I don't have enough background on the problem, but you can use an authentication mechanism to verify a client's permissions upon connection establishment. See the documentation website.
The credential are just a username and password, what I am asking is should I also encrypt the parameters that I pass?
I guess you should minimize the number of times you pass these on the wire. Authenticate first using HTTPS and receive a cookie. Then use cookie based authentication. Use WAMP over wss.
Maybe others have more concrete input.
Elad
On Sat, May 16, 2020, 00:31 Dinglebarry9 [email protected] wrote:
The credential are just a username and password, what I am asking is should I also encrypt the parameters that I pass?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Code-Sharp/WampSharp/issues/317#issuecomment-629586671, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIS75WHNKUJMC2ID3VATHDRRYJJFANCNFSM4NCWPFYQ .