Robert Feldt wrote in post #1033780:
> Long time since I was actively involved in Ruby community so would
> like to get your up-to-date view of what would be the simplest way to
> support secure (ssh-encrypted typically) client/server communication
> via JSON between ruby scripts. I want to use encrypted JSON since some
> of the clients might later need to be implemented in other languages
> than Ruby and JSON is widespread. But other ideas/comments also
> appreciated.

If you've already decided you want to use ssh to handle the encryption, 
then you would use ssh tunnelling. This lets you pass a TCP session 
securely over ssh to a remote endpoint, but the two endpoints are not 
doing any encryption.

    Client ----- ssh ================ sshd ------ Server

ssh -L <localport>:<serverhost>:<serverport>  <username>@<sshd-host>

Your two other main options for securing the connection are SSL and 
IPSEC.

However, that doesn't define what application-layer protocol you are 
going to use; JSON is just a way to encode Javascript objects, it is not 
a protocol for request/response exchanges.

Many people just use JSON over HTTP/HTTPS - this is essentially the 
RESTful approach. You GET a JSON object from a particular URL; or you 
PUT or POST a JSON object to a URL, and get another JSON object in the 
response.

There is also a JSON RPC proposal - json-rpc.org - but I don't know what 
state this proposal is in, nor the ruby implementations of it.

In both cases, the semantics of handling interrupted communication are 
up to you (e.g. if you POST an object but didn't get a response, it's 
possible that the object was received and acted upon, but the response 
was interrupted. What would happen if you resubmit the original request? 
If this is a financial transaction, would the customer be charged 
twice?)

If you want the messaging layer to handle this sort of issue for you 
then you should look at using a dedicated messaging layer instead (e.g. 
an AMQP engine like rabbitmq)

-- 
Posted via http://www.ruby-forum.com/.