How to safely perform REST with sensitive data?

We are introducing a new web service. The web service will store sensitive data, and there are several types of users with different permissions. Therefore, some types of users cannot access (and some cannot change, etc.) certain data types. How does it work in REST? I am very new to REST, so sorry if this sounds noobish.

+3
3 answers

Your first step is to provide some SSL transport encryption. This should make sure that there are no man-in-the-middle attacks and no one is monitoring the data. Secondly, you need to figure out some kind of authentication method. A popular method is to create a login service to which you send the username and password and which returns a limited-lifetime key. Then you send this key along with every request you submit, and the server checks it before returning any data. If you have different user levels, then as well as verifying the key, also check whether this user should have access to this information.

+5
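The flow described in the answer above (a login service that returns a limited-lifetime key, then a key check plus a per-role permission check on every request), as an added example that is not part of the original answers. The accounts, the role table, the `invoice`/`salary` data types, the token layout and the 900-second lifetime are all assumptions made for illustration; transport is assumed to be HTTPS.

```python
import hashlib
import hmac
import secrets
import time

SIGNING_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients
TOKEN_TTL = 900                        # key lifetime in seconds (assumed value)

# Constructed policy: role -> data type -> allowed actions.
POLICY = {
    "clerk":   {"invoice": {"read", "write"}, "salary": set()},
    "auditor": {"invoice": {"read"}, "salary": {"read"}},
}

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _make_user(password, role):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

# Constructed accounts; only salted password hashes are stored.
USERS = {"alice": _make_user("correct horse", "clerk"),
         "bob": _make_user("battery staple", "auditor")}

def _sign(payload):
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()

def login(username, password, now=None):
    """Login service: return a limited-lifetime key, or None on bad credentials."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(
            _hash_password(password, user["salt"]), user["hash"]):
        return None
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{username}|{user['role']}|{expires}"
    return f"{payload}|{_sign(payload)}"

def authorize(token, data_type, action, now=None):
    """Per-request check: verify the key first, then the role's permission."""
    payload, _, mac = (token or "").rpartition("|")
    if not hmac.compare_digest(_sign(payload).encode(), mac.encode()):
        return 401                     # forged, altered or malformed key
    username, role, expires = payload.split("|")  # trusted: MAC verified above
    if (now if now is not None else time.time()) >= int(expires):
        return 401                     # key expired, client must log in again
    if action not in POLICY.get(role, {}).get(data_type, set()):
        return 403                     # authenticated but not permitted
    return 200
```

The return values map onto HTTP status codes: 401 when the key is missing, altered or expired, 403 when the key is valid but the role lacks the permission, and 200 otherwise.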

No matter what, you probably want to encrypt using HTTPS.


, cookie .

+1

, (Google apis). .

. HTTP POST ( SSL) http://you/auth (- MD5) - MD5 , .

HTTP 200 OK .

. ( - , ), . , ( SSL).


+1

Source: https://habr.com/ru/post/1738251/

