FR: Digest auth in HTTP Request

Posted: 12 Nov 2018 18:24
by beelze
I'm new to AM, but I (and other users) have already faced an «RPC problem», when I need to execute some action on a remote AM instance. I've failed to find anything suitable for this except the HTTP Request pair, but it is not secure at all.

Of course, the obvious solution is to use TLS, but… cert chains and issuing, name resolution, cipher suites and other stuff… I guess it's overkill to properly implement and maintain, and hard for an ordinary user to [properly] use. In other words, implementing a secure HTTPS server with server-side certificates on a mobile device is not the way.

As a cheap and relatively secure alternative, I suggest implementing digest HTTP auth in the HTTP Request pair. The security level is not the «best», but it's enough for most everyday tasks. Another alternative is something ssh-based, using a restricted environment and pubkey auth.
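
For readers following the request, an added illustration (not part of the original post and not the app's code) of what an HTTP Digest check with `qop=auth` (RFC 7616) computes on the client and verifies on the server. The helper names, realm, credentials and nonce are hypothetical, constructed values.

```python
import hashlib
import hmac

def _h(alg, data):
    return hashlib.new(alg, data.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth", alg="sha256"):
    """Client side: 'response' field of an Authorization: Digest header."""
    ha1 = _h(alg, f"{user}:{realm}:{password}")  # derived from the secret; never sent
    ha2 = _h(alg, f"{method}:{uri}")             # binds method and URI, not the body
    return _h(alg, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestVerifier:
    """Server side (hypothetical helper): checks response, rejects replays."""
    def __init__(self, realm, users, alg="sha256"):
        self.realm, self.users, self.alg = realm, users, alg
        self.last_nc = {}  # issued nonce -> highest nonce count accepted so far

    def issue_nonce(self, nonce):
        # A real server would generate this with secrets.token_hex() and expire it.
        self.last_nc[nonce] = 0

    def verify(self, method, uri, f):
        """f is the parsed Authorization header as a dict of strings."""
        password = self.users.get(f.get("username"))
        nonce = f.get("nonce")
        if password is None or nonce not in self.last_nc or f.get("uri") != uri:
            return False
        try:
            nc = int(f.get("nc", ""), 16)
        except ValueError:
            return False
        if nc <= self.last_nc[nonce]:  # same or older counter: replayed request
            return False
        expected = digest_response(f["username"], self.realm, password, method,
                                   uri, nonce, f["nc"], f.get("cnonce", ""),
                                   alg=self.alg)
        if not hmac.compare_digest(expected.encode(), f.get("response", "").encode()):
            return False
        self.last_nc[nonce] = nc
        return True

if __name__ == "__main__":  # constructed sample exchange
    srv = DigestVerifier("automation", {"remote": "s3cret"})
    srv.issue_nonce("n1")
    hdr = {"username": "remote", "nonce": "n1", "uri": "/run", "nc": "00000001", "cnonce": "c1"}
    hdr["response"] = digest_response("remote", "automation", "s3cret", "POST", "/run", "n1", "00000001", "c1")
    print(srv.verify("POST", "/run", hdr), srv.verify("POST", "/run", hdr))
```

With `qop=auth` the password is never transmitted and a captured header cannot be replayed against the same nonce, but the request and response bodies still travel unencrypted and are not covered by the hash.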