Do I need to encrypt API call if flask listening on localhost only?

user1357015

5/2/23, 3:39 AM

I'm setting up a flask + reactJS combination for the first time. In my app, I will have a user design something then pass it as json to the flask back end that will do some python combinations.

I have set up a login using Auth0 into my ReactJS app. My flask app only listens on 127.0.0.1:5000.

Question: Do I need to create secure api connection from reactjs -> flask if they are both on the same server? The user has already authenticated through the react app.

THank you!

0 + 0

nginx

flask

AlexD

5/2/23, 10:43 AM

It depends on your security requirements and risk assessment. But if you have to ask it here then you won't get much security improvement from TLS on localhost.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Do I need to encrypt API call if flask listening on localhost only?

TH: ฉันจำเป็นต้องเข้ารหัสการเรียก API หรือไม่หากขวดกำลังฟังบน localhost เท่านั้น

RO: Trebuie să criptez apelul API dacă flask ascultă numai pe localhost?

RU: Нужно ли мне шифровать вызов API, если flask прослушивает только локальный хост?

VI: Tôi có cần mã hóa lệnh gọi API nếu bình chỉ nghe trên máy chủ cục bộ không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.