Is it safe / best practice to create an account for an application using REST services?

Sorry if this is a bit of a dumb question, but I'm very new to REST programming. I have an application available for both the Internet and mobile devices, and I will use REST-like web services for the mobile and machine parts. I was about to use the S3 authentication model for REST requests; however, this requires that the user account is already configured.

If a user starts using this service through an iPhone or other mobile device, what is the best way to securely create a user account? As it stands right now, anyone can create an account that will be created inactive and then activated by email on the CAPTCHA web page. But I'm afraid that this could still lead to DoS attacks, given the fact that an email is generated for each request.

Any suggestions for improving this model and/or verifying that the request really comes from the iPhone?

+3
2 answers

A good CAPTCHA will prevent such DoS attacks.

+1

CAPTCHA , .

+1

Source: https://habr.com/ru/post/1750170/

