Reputation: 2970
I am currently building a web application that has a fully separated "frontend" server, with Lighttpd only serving the index.html, JavaScript, etc.
Backbone.js etc. keep my frontend in connection with my web service "backend" written in Node.js.
The backend is completely stateless, doing authentication on each request through HTTP Basic, and runs SSL (HTTPS).
How do I make sure that only the connections happening on my "backend" server are coming from the Lighttpd "frontend" server and not some random hacker?
Thanks for help.
Upvotes: 2
Views: 213
Reputation: 5006
You may use SSL between the 2 servers and use a certificate to ensure identification. That's really secure if you protect your certificate well.
Upvotes: 1
Reputation: 71414
If you know the front-end server is going to be on a specific IP address or range of IP addresses, you might want to restrict traffic on the back-end server to only be from that address.
Upvotes: 1
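
An added example, not part of either answer: one way to apply both suggestions on the Node.js side, checking the peer address and, optionally, the verified client certificate. It assumes the Lighttpd server proxies API requests to the backend so that it is the TCP peer; the addresses, the certificate name and the functions `isFromFrontend` and `guard` are hypothetical.

```javascript
const net = require('net');

// Constructed values: replace with the frontend server's real address or range
// and the common name of the certificate issued to it.
const FRONTEND_CERT_CN = 'frontend.internal.example';
// net.BlockList is just an address set; it is used here as an allowlist.
const allowed = new net.BlockList();
allowed.addAddress('10.0.0.5', 'ipv4');
allowed.addSubnet('192.168.10.0', 24, 'ipv4');

// Dual-stack listeners report IPv4 peers as "::ffff:a.b.c.d"; unwrap them.
function normalize(addr) {
  const v4 = addr.startsWith('::ffff:') ? addr.slice(7) : addr;
  return net.isIPv4(v4) ? v4 : addr;
}

// Decide from the socket only. Headers such as X-Forwarded-For are supplied
// by the client and take no part in this decision.
function isFromFrontend(socket, { requireClientCert = false } = {}) {
  // remoteAddress is undefined once the socket has been destroyed.
  if (typeof socket.remoteAddress !== 'string') return false;
  const addr = normalize(socket.remoteAddress);
  const family = net.isIP(addr); // 0 = not an IP address, otherwise 4 or 6
  if (family === 0) return false;
  if (!allowed.check(addr, family === 6 ? 'ipv6' : 'ipv4')) return false;
  if (!requireClientCert) return true;
  // authorized is true only when the client certificate chained to the CA
  // passed to https.createServer({ requestCert: true, ca: ... }).
  if (socket.authorized !== true) return false;
  const cert = socket.getPeerCertificate();
  return Boolean(cert && cert.subject && cert.subject.CN === FRONTEND_CERT_CN);
}

// Wraps a request handler for http.createServer / https.createServer.
function guard(handler, opts) {
  return (req, res) => {
    if (!isFromFrontend(req.socket, opts)) {
      res.statusCode = 403;
      res.end();
      return;
    }
    handler(req, res);
  };
}
```

The address check alone does not authenticate anything if browsers connect to the backend directly, since every peer is then a user's own address.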