How do I secure password parameters in RESTful web service URIs?
Posted
by adam
on Stack Overflow
See other posts from Stack Overflow
or by adam
Published on 2010-04-26T17:11:15Z
Indexed on
2010/04/26
17:13 UTC
Read the original article
Hit count: 201
i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.
© Stack Overflow or respective owner