ashceryth wrote:
> I'm using the approach with my own nginx reverse proxy for terminating
> and authenticating the sessions. As it isn't trivial to restrict the
> source IPs, I was wondering if it would be possible to use
> certificate-based authentication for additional security (as a bonus to
> basic auth). So like sending a client certificate for the HTTPS requests
> from the skill to the LMS which then can be verified by nginx. This way
> it would be possible to ensure that only the skill is allowed to talk to
> LMS. Would that even be possible with an Alexa skill?
Glad you're enjoying it - did you also try the MediaServer skill with far more capabilities? I'm afraid basic auth is all you can get with Alexa, but as it's over https your auth parameters can never be sniffed. Make sure you configure your proxy to only accept https connections and also use e.g. a uuid in the proxied path name for obscurity (instead of proxying https://joebloggs.myddns.me to LMS, make it e.g. https://joebloggs.myddns.me/7c740ff1-d357-4676-9d34-c63f6fe36995). The /path is also TLS encrypted and untraceable.

------------------------------------------------------------------------
philchillbill's Profile: http://forums.slimdevices.com/member.php?userid=68920
View this thread: http://forums.slimdevices.com/showthread.php?t=111443

_______________________________________________
plugins mailing list
[email protected]
http://lists.slimdevices.com/mailman/listinfo/plugins
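
The proxy setup described in the reply above, written out as an nginx configuration. This is an added example, not a configuration posted by either participant; the hostname and UUID are the ones used in the post, while the certificate paths, the htpasswd file and the LMS address `127.0.0.1:9000` are assumptions.

```nginx
# Added example (goes inside the http {} context). Paths and the upstream
# address are assumptions; hostname and UUID are taken from the post.

# Port 80: refuse rather than redirect. A redirect would only happen after
# the client had already sent the path and the Authorization header in clear.
server {
    listen 80;
    server_name joebloggs.myddns.me;
    return 444;                      # nginx-specific: close without replying
}

server {
    listen 443 ssl;
    server_name joebloggs.myddns.me;

    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # assumed path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;     # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Everything outside the UUID path gets a plain 404, with no auth prompt
    # that would reveal a protected service is behind this host.
    location / {
        return 404;
    }

    # The trailing slash here and on proxy_pass makes nginx strip the UUID
    # prefix, so LMS sees requests for / as if it were accessed directly.
    location /7c740ff1-d357-4676-9d34-c63f6fe36995/ {
        auth_basic           "LMS";
        auth_basic_user_file /etc/nginx/lms.htpasswd;   # assumed path

        proxy_pass       http://127.0.0.1:9000/;        # assumed LMS address
        proxy_set_header Host $host;
        # Do not pass the proxy's credentials on to LMS. Remove this line if
        # LMS itself is password-protected with the same credentials.
        proxy_set_header Authorization "";
    }
}

# The UUID path is written to the access log on every request, so the log
# files need the same protection as the htpasswd file.
```

`nginx -t` checks the file for syntax errors before a reload.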
