I want to have two custom apps running on my shared hosting account. Both of them would speak http on their assigned ports. The first app will be mapped to a website and the second app will be a service for the first app.
Is there any way to make sure that only my own apps can talk to the service app?
If that's not possible, then my first thought (to avoid developing a full auth system) is to have the service speak https and include an auth token in query params (which are encrypted in https) on every request from the website app. Does that sound like a realistic plan?
asked 22 Feb, 20:27
Is there some reason you need them to communicate via HTTP? If they're running on the same machine, then using a filesystem socket (in your home directory) for communication would be more secure, and probably faster.
If that's not an option for you, then you'll have to use some form of authentication+encryption. Your auth token idea seems reasonable, as long as it's only passed in encrypted POSTs.
answered 23 Feb, 00:51