How do I secure password parameters in RESTful web service URIs?

Posted by adam on Stack Overflow See other posts from Stack Overflow or by adam
Published on 2010-04-26T17:11:15Z Indexed on 2010/04/26 17:13 UTC
Read the original article Hit count: 201

Filed under:
|

i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

© Stack Overflow or respective owner

Related posts about rest

Related posts about security