T
Travis Griggs
I'm prototyping a simple data collection service. I've implemented a simple REST API implemented with python 3x stock HTTPServer. And a simple iPhone app that submits data via a json/POST. And it all works just great when my iPhone is on the same network as the server.
But now I want to go the next step. I don't need to move beyond prototype/PoC yet, I just want to be able to do it outside of our internal network. Issues aside of getting access, name resolution, a port and that kind of stuff... what kind of security should I add to it? I might as well be a complete neophyte in this area. I've read a number of posts and such, and I get some of the pieces, at some level, but any confidence how to put that part of a web stack together elude me.
I found a example of how to add SSL to my python service (https://gist.github.com/ubershmekel/6194556). If I can figure out how to get the right keys embedded into my iPhone app (it's just on my phone, not anyone else's), is that enough? Or should I include some sort of auth? If so, what kind? And any pointers to how to start that would be much appreciated.
Some have blithely replied that I should be using Flask or Tornado. I get that I'm going to hit a wall with HTTPServer and that it's more of a "toy" implementation. But I don't want to get buried in learning a big framework either. If it was relatively easy to convert my simple REST service to one running on Tornado or Flask, without loading a bunch of other frameworks, and I got easy access to security services and good examples how to do them, that'd be fine with me. So far, my searches haven't turned up the simple recipe of "so, you've made a simple REST API with HttpServer, here's how to take it to the semi secure public level using a real web framework."
Travis Griggs
-- I multiple all estimates by pi to account from running around in circles.
But now I want to go the next step. I don't need to move beyond prototype/PoC yet, I just want to be able to do it outside of our internal network. Issues aside of getting access, name resolution, a port and that kind of stuff... what kind of security should I add to it? I might as well be a complete neophyte in this area. I've read a number of posts and such, and I get some of the pieces, at some level, but any confidence how to put that part of a web stack together elude me.
I found a example of how to add SSL to my python service (https://gist.github.com/ubershmekel/6194556). If I can figure out how to get the right keys embedded into my iPhone app (it's just on my phone, not anyone else's), is that enough? Or should I include some sort of auth? If so, what kind? And any pointers to how to start that would be much appreciated.
Some have blithely replied that I should be using Flask or Tornado. I get that I'm going to hit a wall with HTTPServer and that it's more of a "toy" implementation. But I don't want to get buried in learning a big framework either. If it was relatively easy to convert my simple REST service to one running on Tornado or Flask, without loading a bunch of other frameworks, and I got easy access to security services and good examples how to do them, that'd be fine with me. So far, my searches haven't turned up the simple recipe of "so, you've made a simple REST API with HttpServer, here's how to take it to the semi secure public level using a real web framework."
Travis Griggs
-- I multiple all estimates by pi to account from running around in circles.