Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #109701

Re: Design an encrypted time-limited API on Client/Server side

Path csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail
From dieter <dieter@handshake.de>
Newsgroups comp.lang.python
Subject Re: Design an encrypted time-limited API on Client/Server side
Date Thu, 09 Jun 2016 08:55:34 +0200
Lines 18
Message-ID <mailman.90.1465455417.2306.python-list@python.org> (permalink)
References <3cef557f-bb1c-490a-a9ff-4c136cfdef2c@googlegroups.com> <87oa7a7swp.fsf@handshake.de>
Mime-Version 1.0
Content-Type text/plain; charset=us-ascii
X-Trace news.uni-berlin.de AEPF544GjdCvJ0Oh3MNVWQBrhaNrHcGUPi4MXH+rF3Pw==
Cancel-Lock sha1:5Hjmy+rIbQVH+TPHCqHt0qWWN8o=
Return-Path <python-python-list@m.gmane.org>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.030
X-Spam-Evidence '*H*': 0.94; '*S*': 0.00; 'api': 0.09; 'django,': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:80.91.229.3': 0.16; 'received:dip0.t-ipconnect.de': 0.16; 'received:io': 0.16; 'received:plane.gmane.org': 0.16; 'received:psf.io': 0.16; 'received:t-ipconnect.de': 0.16; 'url:8000': 0.16; 'later': 0.16; 'gui': 0.18; 'prevent': 0.20; 'import': 0.24; 'written': 0.24; 'requests': 0.25; 'header:User- Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; 'parameters': 0.27; 'this.': 0.28; 'once.': 0.29; 'allows': 0.30; 'subject:/': 0.30; 'initially': 0.30; 'post': 0.31; 'anyone': 0.32; 'call,': 0.33; 'handle': 0.34; 'server': 0.34; 'could': 0.35; 'protocol': 0.35; 'subject:time': 0.35; 'should': 0.36; 'there': 0.36; 'cases': 0.36; 'url:non-standard http port': 0.36; 'urls': 0.36; 'to:addr:python-list': 0.36; 'subject:: ': 0.37; 'client': 0.37; 'received:org': 0.37; 'charset:us-ascii': 0.37; 'associated': 0.38; 'subject:-': 0.39; 'to:addr:python.org': 0.40; 'received:de': 0.40; 'customized': 0.61; 'side': 0.62; 'url:0': 0.63; 'minutes': 0.64; 'encrypted': 0.66; 'subject:Design': 0.79; 'desperately': 0.84; 'subject:Client': 0.84; 'expiration': 0.91; 'subject:Server': 0.91; 'subject:limited': 0.93
X-Injected-Via-Gmane http://gmane.org/
X-Gmane-NNTP-Posting-Host p57b38502.dip0.t-ipconnect.de
User-Agent Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.22 (linux)
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.22
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID <87oa7a7swp.fsf@handshake.de>
X-Mailman-Original-References <3cef557f-bb1c-490a-a9ff-4c136cfdef2c@googlegroups.com>
Xref csiph.com comp.lang.python:109701

Show key headers only | View raw


iMath <redstone-cold@163.com> writes:

> ?I am planning design an encrypted time-limited API on both Client and Server sides, the server side is written in Django, the client side is a GUI program which call the API by
> import requests
> c = requests.post("http://127.0.0.1:8000/VideoParser/", data={'videoUrl': videoUrl })
> The way it call the API is desperately exposed to those who can use network traffic capturing tools like wireshark and fiddler

You could require the "https" protocol to prevent this.

> while I don't want anyone else could call the API with their customized videoUrl, and if people made the post call with the same parameters 2 minutes later after the client initially made the call, the call should be valid or expired, so how to design the encrypted time-limited API on both Client and Server side in this case ?

There is a general concept of "one-time-url" to handle cases such
as this one. These are urls which can be used just once.

Usually, they have associated an expiration date
and an uuid. The uuid is used on the server to maintain state (still
unused, already used); the expiration date allows state cleanup.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Design an encrypted time-limited API on Client/Server side iMath <redstone-cold@163.com> - 2016-06-08 09:51 -0700
  Re: Design an encrypted time-limited API on Client/Server side dieter <dieter@handshake.de> - 2016-06-09 08:55 +0200
  RE: Design an encrypted time-limited API on Client/Server side Joaquin Alzola <Joaquin.Alzola@lebara.com> - 2016-06-08 17:04 +0000

csiph-web