[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [mihini-dev] [REST] Tech Preview
|
Hi all,
I would suggest two modes (the modes would be activable in the configstore):
1. No security: Assuming, a member of the community plans to use Mihini
on his rasp. pi, he does not want necesseraly to implement/use security
(it's not easy to deploy and useless on a local network)
2. OAuth 2.0 [1] : A well-known authentication mechanism designed for
that purpose
What do you think ? I mean, it would be better to use a good
authentication mechanism instead of a one with security holes, imho.
1. http://tools.ietf.org/html/rfc6749
Le 28/05/2013 18:24, Cuero Bugot a écrit :
Well no. LuaRPC does not provide any security and that is an issue.
It is not for development only, for instance in AAF[1], it has to be enabled on production !
Security, as the first step, could probably be a digest authentication only. An enhanced solution would be to have SSL layer, but that would be a second step...
[1] http://developer.sierrawireless.com/ALEOS_AF
-----Original Message-----
From: mihini-dev-bounces@xxxxxxxxxxx [mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Benjamin Cabé
Sent: Tuesday, May 28, 2013 6:12 PM
To: Mihini project developer discussions
Subject: Re: [mihini-dev] [REST] Tech Preview
What do you mean by security?
Just like RPC, I think the REST server is just meant to be enabled in development mode, no?
Benjamin--
Le 28/05/13 18:02, « Romain Perier » <rperier@xxxxxxxxxxxxxxxxxx> a écrit :
Le 28/05/2013 16:19, Cuero Bugot a écrit :
Yes indeed. That is something we thought about. It would be a
simplified workflow for one application uninstall. The generic way
(creating package) is still necessary if you need to do more than one
operation at a time.
However it would require a little more work on the update component.
We'd like to have more feedback on the update component before
starting some code refactoring on it. I would suggest to open a ticket
to track that specific feature. It might end up as a low priority
though, because there is a workaround for that use case.
Let us know if that is blocking for you.
-----Original Message-----
From: mihini-dev-bounces@xxxxxxxxxxx
[mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Simon Bernard
Sent: Tuesday, May 28, 2013 3:01 PM
To: Mihini project developer discussions
Subject: Re: [mihini-dev] [REST] Tech Preview
1 suggestion : Currently the only way to uninstall an application is
to use the localupdate and create an "uninstall" package.
A more simple way to do that will be a great improvement.(I mean
without package creation)
Thanks for your feedbacks. A first finalized implementation has been
pushed to the branch bugs/402289.
@ALL: any other suggestions/feedbacks until we add security to the rest
stack ?
Regards,
Romain
_______________________________________________
mihini-dev mailing list
mihini-dev@xxxxxxxxxxx
http://dev.eclipse.org/mailman/listinfo/mihini-dev
_______________________________________________
mihini-dev mailing list
mihini-dev@xxxxxxxxxxx
http://dev.eclipse.org/mailman/listinfo/mihini-dev
_______________________________________________
mihini-dev mailing list
mihini-dev@xxxxxxxxxxx
http://dev.eclipse.org/mailman/listinfo/mihini-dev