I used to do that, I had a sort of IDE that launched a local server, bound to localhost.

The launching process would send a random password through stdin to the child after launch, and the child would use that to authenticate the further RPC calls.

It's surprisingly hard to intercept a process' stdin stream.