security - Sending sensitive information to REST service -

-

we have soap based web service our in house applications use authenticate users. basically, send soap request username , password. web service authenticates credentials against our data store , returns user information if authentication successful. web service secured using basic authentication , ssl.

we need make modifications web service , considering re-writing rest service. rest services have created in past have been simple , had no need security. have never created rest service used sensitive information, have couple of questions / concerns:

first, there best practice sending sensitive query parameters (user credentials) rest service securely? can still use basic authentication , ssl.

second, if send query rest service using post, still considered restful, or required rest queries?

you can use ssl , basic authentication rest web services well.

http used data retrieval (queries) can use http post well. useful if can use type of http caching. post usefull if need transfer lot of data define query or if web service operation expects complex data format instead of simple arguments.


Comments

Post a Comment

Popular posts from this blog

javascript - Enclosure Memory Copies -

-
function myclass() { //lots , lots of vars , code here. this.bar = function() { //do numerous enclosed myclass vars } this.foo = function() { alert('hello'); //don't enclosed variables. } } each instance of myclass gets own copy of bar , foo, why prototyped methods use less memory. however, know more memory use of inner methods. it seems obvious me (1) below must true. agree? not distinct myclass instances have own distinct copies of bar, must have own distinct copies of myclass enclosure. (or else how bar method keep myclass variables straight on per instance basis?) now (2) question i'm after. since inner foo method doesn't use in myclass enclosure natural qustion is: javascript smart enough not keep myclass enclosure in memory use of foo? this depend entirely on implementation not language. naive implementations keep far more around others. answer true e.g. v8 (chrome's js engine) may not true spider...
Read more

php - Replacing tags in braces, even nested tags, with regex -

-
example preg_replace('/\{[a-za-z.,\(\)0-9]+\}/', 'replaced', 'lorem ipsum dolor sit {tag1({tag2()})}, consectetur adipiscing elit.'); the result: lorem ipsum dolor sit {tag1(replaced)}, consectetur adipiscing elit. question as can see "tag2" has been replaced, want replace "tag1" know how can this? (in cases might this: {tag1({tag2({tag3()})})}) , on.) btw using preg_replace_callback, easier show preg_replace here site can test code: http://www.spaweditor.com/scripts/regex/index.php you need add curly braces character set. here's pattern used: /\{[a-za-z.,\(\)\{\}0-9]+\}/ and here result: "lorem ipsum dolor sit replaced, consectetur adipiscing elit."
Read more