From: Travis Griggs
Subject: Simple security between prototype iPhone app and SimpleHTTPServer REST service?
Date: Tue, 17 Sep 2013 18:08:05 -0700
To: "python-list@python.org"
Newsgroups: comp.lang.python

I'm prototyping a simple data collection service. I've implemented a simple REST API implemented with python 3x stock HTTPServer. And a simple iPhone app that submits data via a json/POST. And it all works just great when my iPhone is on the same network as the server.

But now I want to go the next step. I don't need to move beyond prototype/PoC yet, I just want to be able to do it outside of our internal network. Issues aside of getting access, name resolution, a port and that kind of stuff... what kind of security should I add to it?

I might as well be a complete neophyte in this area. I've read a number of posts and such, and I get some of the pieces, at some level, but any confidence how to put that part of a web stack together eludes me.

I found an example of how to add SSL to my python service (https://gist.github.com/ubershmekel/6194556). If I can figure out how to get the right keys embedded into my iPhone app (it's just on my phone, not anyone else's), is that enough? Or should I include some sort of auth? If so, what kind? And any pointers to how to start that would be much appreciated.

Some have blithely replied that I should be using Flask or Tornado. I get that I'm going to hit a wall with HTTPServer and that it's more of a "toy" implementation. But I don't want to get buried in learning a big framework either. If it was relatively easy to convert my simple REST service to one running on Tornado or Flask, without loading a bunch of other frameworks, and I got easy access to security services and good examples how to do them, that'd be fine with me. So far, my searches haven't turned up the simple recipe of "so, you've made a simple REST API with HttpServer, here's how to take it to the semi secure public level using a real web framework."

Travis Griggs
-- 
I multiply all estimates by pi to account for running around in circles.
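
The two pieces the post asks about, TLS and "some sort of auth", combined on the stock `http.server` as an added example that is not part of the original post: a shared bearer token compared in constant time, a capped body read, and an `ssl.SSLContext` wrapper. The token scheme, `MAX_BODY`, the `COLLECT_TOKEN` variable and the certificate file names are assumptions.

```python
import hmac, json, os, ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # assumed cap for one small JSON submission

class CollectHandler(BaseHTTPRequestHandler):
    timeout = 10  # seconds; a stalled client cannot hold the socket forever

    def _reply(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            return self._reply(411, {"error": "Content-Length required"})
        if not 0 <= length <= MAX_BODY:
            return self._reply(413, {"error": "bad body length"})
        raw = self.rfile.read(length)  # bounded read; parsed only after auth
        sent = self.headers.get("Authorization", "").encode()
        # Compare as bytes in constant time so timing does not leak the token.
        if not hmac.compare_digest(sent, b"Bearer " + self.server.token):
            return self._reply(401, {"error": "unauthorized"})
        try:
            record = json.loads(raw)
        except ValueError:
            return self._reply(400, {"error": "invalid JSON"})
        self.server.records.append(record)  # stand-in for real storage
        self._reply(201, {"ok": True})

def make_server(addr, token, certfile=None, keyfile=None):
    server = HTTPServer(addr, CollectHandler)
    server.token, server.records = token, []
    if certfile:  # TLS via SSLContext; ssl.wrap_socket() was removed in Python 3.12
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.load_cert_chain(certfile, keyfile)
        server.socket = ctx.wrap_socket(server.socket, server_side=True)
    return server

if __name__ == "__main__":  # file names and env var are placeholders
    make_server(("0.0.0.0", 4443), os.environ["COLLECT_TOKEN"].encode(),
                "server.pem", "server.key").serve_forever()
```

The token is only as private as the channel, so the client has to verify the server certificate (for a self-signed one, by pinning it in the app) before sending the `Authorization` header.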