Answer the question
In order to leave comments, you need to log in
J
J
J. Snow2020-06-11 15:47:46
J. Snow, 2020-06-11 15:47:46
How to organize secure communication between microservices?
I plan to divide a monolithic application into microservices that will be located on different servers.
I understand that these microservices will be available from outside (i.e. from the Internet). Therefore, the question arises:
How to organize secure communication between microservices? To accept requests only from trusted applications (that is, from my other microservices).
PS: It would be nice to make it possible to specify access for each specific method.
For example, there is a payment microservice that has 1) a method for making a payment and 2) a method for viewing the payment history. And only one specific microservice should have access to the first method, and any of my microservices should have access to the second method.
PS 2: The languages in which microservices will be written are Java and NodeJS.
4 answer(s)
@j-snow
@firedragon
@vitaly_il1
Only those for which it is really necessary, the rest should be inaccessible.
I
Ivan Shumov, 2020-06-11 @j-snow
Interservice communication is no different from client-server communication. The same authentication and authorization (the same notorious openid credentials grant flow), the same SSL. In some rare cases, you can limit yourself to white-list ip, but there are enough restrictions and no roles
V
Vladimir Korotenko, 2020-06-11 @firedragon
Organize a network, open a hole outward. Guides a whole car. And by the way, it's just idiocy to protect applications if your network has already been broken into. IMHO
V
Vitaly Karasik, 2020-06-11 @vitaly_il1
I understand that these microservices will be available from outside
Only those for which it is really necessary, the rest should be inaccessible.
Similar questions
N
K
L
J
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question