Search Results

Search found 5900 results on 236 pages for 'rest'.

Page 18/236 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • Using a random string to authenticate HMAC?

    - by mrwooster
    I am designing a simple webservice and want to use HMAC for authentication to the service. For the purpose of this question we have: a web service at example.com a secret key shared between a user and the server [K] a consumer ID which is known to the user and the server (but is not necessarily secret) [D] a message which we wish to send to the server [M] The standard HMAC implementation would involve using the secret key [K] and the message [M] to create the hash [H], but I am running into issues with this. The message [M] can be quite long and tends to be read from a file. I have found its very difficult to produce a correct hash consistently across multiple operating systems and programming languages because of hidden characters which make it into various file formats. This is of course bad implementation on the client side (100%), but I would like this webservice to be easily accessible and not have trouble with different file formats. I was thinking of an alternative, which would allow the use a short (5-10 char) random string [R] rather than the message for autentication, e.g. H = HMAC(K,R) The user then passes the random string to the server and the server checks the HMAC server side (using random string + shared secret). As far as I can see, this produces the following issues: There is no message integrity - this is ok message integrity is not important for this service A user could re-use the hash with a different message - I can see 2 ways around this Combine the random string with a timestamp so the hash is only valid for a set period of time Only allow each random string to be used once Since the client is in control of the random string, it is easier to look for collisions I should point out that the principle reason for authentication is to implement rate limiting on the API service. There is zero need for message integrity, and its not a big deal if someone can forge a single request (but it is if they can forge a very large number very quickly). I know that the correct answer is to make sure the message [M] is the same on all platforms/languages before hashing it. But, taking that out of the equation, is the above proposal an acceptable 2nd best?

    Read the article

  • Should HTTP Verbs Be Used Semantically?

    - by Xophmeister
    If I'm making a web application which integrates with a server-side backend, would it be considered best practice to use HTTP methods semantically? That is, for example, if I'm fetching data (e.g., to populate a menu, etc.), I would use GET, but to update data (e.g., save a record), I would use POST. (I realise there are other methods that may be even more appropriate, but we need to consider browser support.) I can see the benefits of this in the sense that it's effectively a RESTful API, but at a slightly increased development cost. In my previous projects, I've POST'd everything: Is it worth switching to a RESTful mindset simply for the sake of best practice?

    Read the article

  • Alternatives to OAuth?

    - by sdolgy
    The Web industry is shifting / has shifted towards using OAuth when extending API services to external consumers & developers. There is some elegance in simple....and well, the 3-step OAuth process isn't too bad ... i just find it is the best of a bad bunch of options. Are there alternatives out there that could be better, and more secure? The security reference is derived from the following URLs: http://www.infoq.com/news/2010/09/oauth2-bad-for-web http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/

    Read the article

  • Initiating processing in a RESTful manner

    - by tom
    Let's say you have a resource that you can do normal PUT/POST/GET operations on. It represents a BLOB of data and the methods retrieve representations of the data, be they metadata about the BLOB or the BLOB itself. The resource is something that can be processed by the server on request. In this instance a file that can be parsed multiple times. How do I initiate that processing? It's a bit RPC like. Is there best practice around this? (First time on programmers. This is the right place for this sort of question, right?)

    Read the article

  • how should I change the representation (not mimetype) of a resource?

    - by xenoterracide
    I'm looking at how I can change the representation of a payload at runtime for varied potential advantages, but I'm not sure how to do it. Specifically collections. Array of Pairs [{ <resource_uri> : { <entity> }, ...}] Array of Objects [<entity>,...] Array of Resources [<resource_uri>] Map of entities { <resource_uri> : { <entity> }, ... } My problem is, I'm not sure if I should put these different representations of the sets at different URI's, give them slightly varied mime types, e.g. application/foomap+json or perhaps use an optional query parameter ?format=map, or resource /entities/map. The UI is going to hide this, this is for programmatic web service access only (which the "UI's JS will have to call).

    Read the article

  • Is is OK to use a non-primary key as the id in a rails resource?

    - by nPn
    I am getting ready to set up a resource for some new api calls to my rails application. I am planning on calling the resource devices ie resources :devices This is going to represent a android mobile devices I know this will get me routes such as GET devices/:id In most cases :id would be an integer representing the primary key, and in the controller we would use :id as such: GET devices/1 @device = Device.find(params[:id]) In this case I would like to use :id as the google_cloud_messaging_reg_id So I would like to have requests like this: GET devices/some_long_gcm_id and then in the controller , just us params[:id] to look up the device by the gcm registration id. This seem more natural, since the device will know it's gcm id rather than it's rails integer id. Are there any reasons I should avoid doing this?

    Read the article

  • Building Website with JAX-RS (Jersey)

    - by 0xMG
    Is it discouraged/not-common to build Websites (not web-services!) using Jersey or any other JAX-RS implementation ? I didn't find any guide/tutorial/article regarding that.. At first impression , it seems to me that building website using Jersey (with JSPs as Viewables) is easier and more efficient than using Servlets & JSPs. If anyone did it before , I will be pleased to get tips, Do's & Don'ts, best practices etc... And maybe a good tutorial.

    Read the article

  • FishEye REST API get reviews for changeset

    - by Viktar
    I am trying to get list of reviews for specific changeset using FishEye REST API. Here is my URL: http://fisheye.company.com/rest-service-fe/search-v1/reviewsForChangesets/NameOfRepository/ I am posting it using fiddler composer with following request body: cs=16964 Here is my response: <?xml version="1.0" encoding="UTF-8" standalone="true"?> <reviewsForChangesets> <changesets> <changeset> <reviews/> <changesetId>16964</changesetId> </changeset> </changesets> </reviewsForChangesets> As you can see it has no reviews information. However if I go to following url I can see that 16964 changeset has reviews assigned to it: http://fisheye.company.com/changelog/NameOfRepository?cs=16964 I also tried to use: http://fisheye.company.com/rest-service-fe/search-v1/reviewsForChangeset/NameOfRepository/ I got the same response. Am I missing something?

    Read the article

  • Difference between ruby StringScanner post_match and rest?

    - by zhon
    What is the difference between ruby's StringScanner#post_match and StringScanner#rest? scanner = StringScanner.new('Say hello to...') scanner.scan(/\w+/) #=> 'Say' scanner.scan(/\s+/) #=> ' ' scanner.rest #=> 'hello to...' scanner.post_match #=> 'hello to...' scanner.rest.class #=> String scanner.post_match.class #=> String I don't see a difference. It seems like both return a string containing everything after the match.

    Read the article

  • SOAP - What's the point?

    - by DanSingerman
    I mean, really, what is the point of SOAP? Web services have been around for a while, and for a while it seemed that the terms 'SOAP' and 'Web service' were largely interchangeable. However SOAP always seemed unwieldy and massively overcomplicated to me. Then REST came along, and suddenly web services made sense. As Joel Spolsky says, give a programmer a REST URL, and they can start playing with the service right away, figuring it out. SOAP is obfuscated behind WSDLs and massively verbose XML, and despite being web based, you can't do anything as simple as access a SOAP service with a web browser. So the essence of my question is: Are there any good reasons to ever choose SOAP over REST? Are you working with SOAP now? Would it be better if the interface was REST? Am I wrong?

    Read the article

  • RESTful application validation. Mix of frontend/backend validation. How?

    - by Julian Davchev
    Hi. Using RESTful for all backend persistance and operations. I just pass data from frontend (by frontend I don't mean clientside but the part that is making use of the REST) to rest and data gets back success or no with validation errors if any. Thing is I have stuff that should be validated on frontend too..like csrf tokens, captcha etc. Only reasonable way is I mix validation coming from token/captcha checks and validation errors coming back from REST. Issue with this will be kinda automation as I wouldn't want form field names to map 1:1 with backend field names use by the REST documents. Any pointers ideas are more than welcome.

    Read the article

  • Why is cakephp form input stored in $this->data and POST data stored in $this->params['form'] ?

    - by spudnik1979
    the cakephp rest tutorial says that post data should be in $this-data, but I am finding that it is not, but instead inside $this-params['form'] However, when using cakephp form helper in a view, the data is in $this-data. Am I correct to have to check both locations in my controller? It just seems a bit of a waste of extra code. Shouldnt the data appear in one place for whether it came from a rest rest requestor or Cakephp form post? ps im using cakephp 1.3

    Read the article

  • Isolate user from the rest of the system..?

    - by Shiki
    There is a non-techsavvy user, who doesn't want to learn, and can only use Windows XP or 7. The problem is, that the computer is shared which she would like to use, and the computer stores sensitive, important data. Since she clicks on everything, it's quite a russian roulette. How could I isolate her account from the rest of the system? Like having a profile on the computer (it runs Windows 7 now) which would have the files and other stuff sandboxed? I was thinking of having a dual boot system, but that could compromise the files too, or the boot sector (talking about Windows). Linux is not a way, hence ... see the first line. Is there such a software that can set up a sandboxed environment?

    Read the article

  • Rest client throw timeout exception

    - by shandu
    Hi, I have create REST client in C# using example on this page: http://msdn.microsoft.com/en-us/library/aa395208(v=vs.90).aspx. Server is built in PHP. When I send request to some urls I have this exception: The request channel timed out while waiting for a reply after 00:00:59.9531250. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. But, sometimes, when I debug code, I get response. How to solve this?

    Read the article

  • Changing default REST routes in Rails 3

    - by Vincent
    I need to add one parameter to the default REST route for the show action for SEO purposes: resources :neighborhoods, :only => [:index, :show] neighborhood_url(neighborhood) # => /neighborhoods/lower-east-side I want something like the following: neighborhood_url(city, neighborhood) # => /neighborhoods/manhattan/lower-east-side What would be the easiest way to do this without using nested routes and without breaking Rails REST conventions?

    Read the article

  • Can I get memory usage of processes running on the monitored server by newrelic REST API

    - by youlin
    according to the newrelic faq https://docs.newrelic.com/docs/server/server-monitor-faq, The Server Monitoring agent can report Top 20 processes that are using significant memory or I/O and I can view the memory usage of the processes on the newrelic portal page. However, I do not find any clue about how to get this metrics by newrelic REST API (I can get the CPU usage of processes by REST API). Is it possible to do this?

    Read the article

  • Apache CXF REST Services w/ Spring AOP

    - by jconlin
    I'm trying to get Apache CXF JAX-RS services working with Spring AOP. I've created a simple logging class: public class AOPLogger{ public void logBefore(){ System.out.println("Logging Before!"); } } My Spring configuration (beans.xml): <aop:config> <aop:aspect id="aopLogger" ref="test.aop.AOPLogger"> <aop:before method="logBefore" pointcut="execution(* test.rest.RestService(..))"/> </aop:aspect> </aop:config> <bean id="aopLogger" class="test.aop.AOPLogger"/> I always get an NPE in RestService when a call is made to a Method getServletRequest(), which has: return messageContext.getHttpServletRequest(); If I remove the aop configuration or comment it out from my beans.xml, everything works fine. All of my actual Rest services extend test.rest.RestService (which is a class) and call getServletRequest(). I'm just trying to just get AOP up and running based off of the example in the CXF JAX-RS documentation. Does anyone have any idea what I'm doing wrong? Thanks!

    Read the article

  • Custom Types in WCF Rest

    - by user316341
    I am using the Rest Singleton WCF Service temple from the Rest Starter Kit. The temples uses sample item as its sample Item. i am attempting to replace that sample ITem with a custom type from web reference in my ASP.Net project .dll. The types and name spaces are found and i can replace the sample item in the code. when i run the application i get this error: "Exception has been thrown by the target of an invocation." when this line is executed "return new SingletonServiceHost(serviceType, baseAddresses);" <%@ ServiceHost Language="C#" Debug="true" Service="SAUDServices.Service" Factory="SAUDServices.AppServiceHostFactory"%> using System; using System.ServiceModel; using System.ServiceModel.Activation; using Microsoft.ServiceModel.Web.SpecializedServices; using Stretchatyourdesk; namespace SAUDServices { class AppServiceHostFactory : ServiceHostFactory { protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses) { return new SingletonServiceHost(serviceType, baseAddresses); } } }

    Read the article

  • IEnumerable<T> representing the "rest" of an IEnumerable<T> sequence

    - by Henry Jackson
    If I am walking through an IEnumerable<T>, is there any way to get a new IEnumerable<T> representing the remaining items after the current one. For example, I would like to write an extension method IEnumerator<T>.Remaining(): IEnumerable<int> sequence = ... IEnumerator<int> enumerator = sequence.GetEnumerator(); if (enumerator.MoveNext() && enumerator.MoveNext()) { IEnumerable<int> rest = enumerator.Remaining(); // 'rest' would contain elements in 'sequence' start at the 3rd element } I'm thinking of the collection of a sort of singly-linked list, so there should be a way to represent any remaining elements, right? I don't see any way to do this exposed on either IEnumerable<T> or IEnumerator<T>, so maybe it's incompatible with the notion of a potentially unbounded, nondeterministic sequence of elements.

    Read the article

  • How do I make a request using HTTP basic authentication with PHP curl?

    - by Bedwyr Humphreys
    I'm building a REST web service client in PHP and at the moment I'm using curl to make requests to the service. How do I use curl to make authenticated (http basic) requests? Do I have to add the headers myself? If so I've got some other questions - Is there a REST library for php? or is there a wrapper for curl that makes it a bit more rest friendly? or am I going to have to continue to roll my own? Thanks.

    Read the article

  • RESTful services and update operations

    - by Igor Brejc
    I know REST is meant to be resource-oriented, which roughly translates to CRUD operations on these resources using standard HTTP methods. But what I just wanted to update a part of a resource? For example, let's say I have Payment resource and I wanted to mark its status as "paid". I don't want to POST the whole Payment object through HTTP (sometimes I don't even have all the data). What would be the RESTful way of doing this? I've seen that Twitter uses the following approach for updating Twitter statuses: http://api.twitter.com/1/statuses/update.xml?status=playing with cURL and the Twitter API Is this approach in "the spirit" of REST? UPDATE: PUT - POST Some links I found in the meantime: PUT or POST: The REST of the Story PUT is not UPDATE PATCH Method for HTTP

    Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >