Thanks a lot Roger. I will look into those.
On Wed, Feb 5, 2014 at 3:35 PM, Roger Meier <[email protected]> wrote: > Hi Sachith > > Sorry for the long delay... > > I recommend to use a string authToken or similar within each service as > first parameter. > This enables security at service level and is usually the thing you need > from a long term perspective. > > On the other hand there is SSL at the transport layer. Good in combination > with the service level authentication. > Supported by many languages, but not yet integrated into the cross > languages > test suite. > > The other thing is SASL available on java implementation, patches might be > available for other languages. > > All the best! > -roger > > -----Original Message----- > From: Sachith Withana [mailto:[email protected]] > Sent: Samstag, 1. Februar 2014 19:55 > To: [email protected] > Subject: Securing public Thrift API > > Hi all, > > I'm working with Apache Airavata and we are in the process of using Apache > Thrift for both internal and external uses. > > I'm looking into the security aspects of Thrift. > > Any suggestions on securing the communication? > > In the case of Evernote, I read that they are using a proxy as well? > > > -- > Thanks, > Sachith Withana > > -- Thanks, Sachith Withana
