Copyright © https://mongoose-os.com

Mongoose OS Forum

frame

Secure RPC

Hi everyone,

I am trying to find out a solution to establish a secure way to access RPC , that is , End user of my product can not use RPCs anyhow other than mobile/web interface provided by me , over local network.

also they should not be able to see the data transfer between mobile App and esp8266 running Mongoose ( I am thinking it may involve doing it over secure websocket / https ) but I have no idea where to start with.

it will be great if someone can point me to right direction and if there is an available example.

Comments

  • valentinvalentin Amsterdam

    WSS/HTTPS - Perfect during development, not really suitable for production.
    Secure RPC - If you find a way to share the users credentials to the customer in a reliable and secure way, I am very interested.

  • Valentin, My device setup is as follows -

    1. I need to use one built in RPC to set user wifi config - an android App will ask user to fill in wifi SSID and passkey - and set it on ESP device.
    2. one custom RPC that take JSON string from Android APP and accordingly set output on GPIO and UART

    my problems are :

    1. I want this to happen over secure connection - which I believe can be overcome by using HTTPS - encryption will stop any listener to know what raw data is being transmitted
    2. I do not want users to access any of the RPC without use of the android APP that we provide to our customers. i.e. they should not be able to use RPCs via Curl / html pages and hack in to ESP device

    why would you say that HTTPS is not suitable for production ??
    if My android APP has user authentication built in to it, I guess I can solve my problem number 2 - as my device will authenticate RPC use of Android App that has predefined user credentials.

    please let me know what do you think

    any other Mongoose-Os champion can feel free to help a newbie here..

Sign In or Register to comment.