Open awk11 opened 3 years ago
Still need to tackle this. We used JWT in AIDA. This also coincides with a request from Kitware.
JWT is a nice easy-to-add plugin. It does require a user/secret authorization. If we stay out of the DB world (adding mysql), then it can be an encrypted text file. We can reuse logic from AIDA.
Client suggestions: In session creation, the client should send a shared secret (password for each client) and then we issue back JWT. Use JWT for all subsequent session requests. Corporate would like to lock down the ports to specific IP addresses. This is orthogonal. We have the option of setting up a web service (port 80 and 443). Advantage is denial of service of attack.
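The flow proposed above (shared secret at session creation, JWT on every later request), as an added example that is not code from this project or from AIDA. The client id, secrets, signing key and function names are constructed; it assumes HS256 tokens and keeps PBKDF2 hashes of the client secrets instead of an encrypted text file.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-signing-key-for-demo"  # constructed; load from a secret store

def hash_secret(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

# Constructed client table: client id -> (salt, hash of that client's shared secret).
CLIENTS = {"client-a": (b"salt-a", hash_secret("constructed-secret-a", b"salt-a"))}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64u(hmac.new(SERVER_KEY, signing_input.encode(), hashlib.sha256).digest())

def create_session(client_id, secret, now=None, ttl=900):
    """Session creation: check the shared secret, return a JWT or None."""
    now = int(time.time()) if now is None else now
    salt, stored = CLIENTS.get(client_id, (b"unknown", b""))
    # Hash even for unknown clients, then compare in constant time.
    if not hmac.compare_digest(hash_secret(secret, salt), stored):
        return None
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64u(json.dumps({"sub": client_id, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def verify_token(token, now=None):
    """Subsequent requests: return the client id, or None if the token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, sign(f"{header}.{claims}")):
            return None
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(b64u_dec(header)).get("alg") != "HS256":
            return None
        body = json.loads(b64u_dec(claims))
        return body["sub"] if now < body["exp"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
```

The short `ttl` limits how long a captured token stays usable; the IP allow-listing mentioned above would sit in front of both functions.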