Simplest way for secure, JSON-based client/server solution?

Dear ruby-talk’ers,

Long time since I was actively involved in Ruby community so would
like to get your up-to-date view of what would be the simplest way to
support secure (ssh-encrypted typically) client/server communication
via JSON between ruby scripts. I want to use encrypted JSON since some
of the clients might later need to be implemented in other languages
than Ruby and JSON is widespread. But other ideas/comments also
appreciated.

Thanks,

Robert F.

Robert F. wrote in post #1033780:

Long time since I was actively involved in Ruby community so would
like to get your up-to-date view of what would be the simplest way to
support secure (ssh-encrypted typically) client/server communication
via JSON between ruby scripts. I want to use encrypted JSON since some
of the clients might later need to be implemented in other languages
than Ruby and JSON is widespread. But other ideas/comments also
appreciated.

If you’ve already decided you want to use ssh to handle the encryption,
then you would use ssh tunnelling. This lets you pass a TCP session
securely over ssh to a remote endpoint, but the two endpoints are not
doing any encryption.

Client ----- ssh ================ sshd ------ Server

ssh -L :: @

Your two other main options for securing the connection are SSL and
IPSEC.

However, that doesn’t define what application-layer protocol you are
going to use; JSON is just a way to encode Javascript objects, it is not
a protocol for request/response exchanges.

Many people just use JSON over HTTP/HTTPS - this is essentially the
RESTful approach. You GET a JSON object from a particular URL; or you
PUT or POST a JSON object to a URL, and get another JSON object in the
response.

There is also a JSON RPC proposal - json-rpc.org - but I don’t know what
state this proposal is in, nor the ruby implementations of it.

In both cases, the semantics of handling interrupted communication are
up to you (e.g. if you POST an object but didn’t get a response, it’s
possible that the object was received and acted upon, but the response
was interrupted. What would happen if you resubmit the original request?
If this is a financial transaction, would the customer be charged
twice?)

If you want the messaging layer to handle this sort of issue for you
then you should look at using a dedicated messaging layer instead (e.g.
an AMQP engine like rabbitmq)

On Sun, Nov 27, 2011 at 8:21 PM, Brian C. [email protected]
wrote:

Robert F. wrote in post #1033780:

Long time since I was actively involved in Ruby community so would
like to get your up-to-date view of what would be the simplest way to
support secure (ssh-encrypted typically) client/server communication
via JSON between ruby scripts. I want to use encrypted JSON since some
of the clients might later need to be implemented in other languages
than Ruby and JSON is widespread. But other ideas/comments also
appreciated.

If you’ve already decided you want to use ssh to handle the encryption,

I can’t see that Robert has said this. He wants SSL but not necessarily
SSH.

Many people just use JSON over HTTP/HTTPS - this is essentially the
RESTful approach. You GET a JSON object from a particular URL; or you
PUT or POST a JSON object to a URL, and get another JSON object in the
response.

That would be HTTPS in this case.

Without knowing more I’d first look into OpenSSL and JSON
http://rubydoc.info/stdlib/openssl/1.9.3/frames
http://rubydoc.info/stdlib/json/1.9.3/frames

Kind regards

robert

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs