Alternative methods for JSON-RPC authentication
#16
(2013-07-05, 11:46)Montellese Wrote: It's not like XBMC is being used to store your credit card information or whatever.

I know the position on security of many Team XBMC members. I just don't agree with them especially now that XBMC is also moving into the mobile domain where it will be installed on devices that people will take outside their homes and use on public wifi networks.

But this is totally off-topic, so let's agree to disagree Wink
Reply
#17
Quote:That limitation could be overcome by passing the API key as a URL parameter and let the web server handle the authorization.

Nope. With JSON-RPC and JSON-Schema it is possible to auto-generate the needed proxy classes. In this scenario the client developer has no access to the generated URLs. As Montellese wrote the only possible solution is to change the signature of alle the API methods, which results in breaking changes.





Sidenote: It's funny how JSON-RPC becomes more and more similar to SOAP. Especially since a lot of people use JSON because SOAP seems to be so complicated..
Reply

Logout Mark Read Team Forum Stats Members Help
Alternative methods for JSON-RPC authentication0