ulxmlrpcpp provides two rather simple ways to secure your transmissions without big efforts. There is also SSL/TLS as a third option but this needs additional libraries and other resources as well as rather much knowledge.
First, you can use basic authentication as used with HTTP.
This offers very little security | |
---|---|
Think of it mainly as a protection against unintentional access, for example from web browsers. This way the browser shows the user an authentication dialog and he is aware of the forbidden area. Password and username are "encoded" in BASE64 but this almost the same as plain text. |
Preparing The Server.
On the server side assign a name to the according realm (a realm usually describes a subdirectory on the server). Then add some allowed username with password to the realm. |
TcpIpConnection conn (true, 0x7f000001, 32001); HttpProtocol prot(&conn); HttpServer http_server (&prot); http_server.addRealm("/RPC-Sec", "SecureRPCRealm"); http_server.addAuthentication("ali-baba", "open-sesame", "SecureRPCRealm");
The Authenticating Client.
On the client side call the server with the credentials. | |
The client may as well set username and password for all further HTTP transmissions. |
TcpIpConnection conn (false, host, port); HttpProtocol prot(&conn); HttpClient http_client(&prot); MethodResponse resp = client.call(secureDispatcher, "/SecureRPCRealm", "ali-baba", "open-sesame"); client.setMessageAuthentication("ali-baba", "open-sesame");
The second and more important step is to encrypt your calls and responses with strong cryptography.
The idea is to:
build a call and transform it into an XML structure
encrypt this structure and send it as a single parameter to a special method on the server
decrypt the parameter and dispatch it in a second stage to the correct internal method
convert the response to an XML structure and send it back encrypted
decrypt and decode the structure in an additional step to get the result
This way you can use the same methods as usual. It is just that you put your confidental data encrypted in an envelope which you can send visibly over public networks. The machine on the other side decrypts the data and does a second processing stage. You do nothing special, you just duplicate some steps.
See secure_server.cpp and secure_client.cpp for almost complete examples how the whole might look like.