is there a way to have the json rpc interface encrypted? or to have the “session”, “login” request encrypted so that the password for the router isn’t simply sent over as plaintext?
Could this be done by sending the POST requests over HTTPS instead of HTTP?
Yes, sending the POST request via HTTPS will be more secure than using regular unencrypted HTTP. Here is a packet capture of HTTP vs HTTPS:
However, it should be noted that the router uses self-signed certificates, thus the most secure way to use JSON-RPC remotely is via a VPN tunnel.
It should be noted that HTTPS access must be enabled in System → Access Control in order for JSON-RPC to work via HTTPS.
Hope this helps!
This topic was automatically closed after 15 days. New replies are no longer allowed.