5.1 Security Considerations for Implementers

RPC over HTTP v1 has inadequate security. It is recommended that implementers consider using and implementing RPC over HTTP v2.

It is recommended that implementers consider building implementations that use or encourage the use of RPC over HTTP v2 built on top of HTTPS and enforce the use of HTTP authentication and mandate authorization of the client on the inbound and outbound proxies.

Show: