belltown wrote:
you shouldn't have to do anything with the Roku certificates file.
I see the Roku docs recommend using the following to authenticate the roUrlTransfer call:
object.SetCertificatesFile("common:/certs/ca-bundle.crt")
object.AddHeader("X-Roku-Reserved-Dev-Id", "")
object.InitClientCertificates()
Since the certificates file isn't required for security, that seems to leave just the developer id as a way of protecting against unauthorized callers contacting my back-end REST endpoint.
Is that really enough? Couldn't someone hack a Roku, get the developer id for my app, and use it to send unauthorized calls to my REST endpoint?
Or am I missing something?