RESTful API
Ytsu Ytsuevich, 2015-02-21 23:03:20

REST API. How to transfer the password?

I started learning the REST API just a couple of days ago; it seems to be nothing complicated.
How is it best to pass the password to the server from the application: with the GET or the POST method?
Should it be encrypted? If so, then maybe not all languages support encryption algorithms.
And if they support it, then the attackers will immediately understand what it is (e.g. in my case MD5).

1 answer(s)
Eugene, 2015-02-26
@eUdaloff

These questions are related to the topic of authentication.
I figured it out myself a couple of months ago.
There are several schemes for working with a REST service. They are briefly described in the article "6 ways: how to add security for Rest service ..."
Here they are:
1) Basic authentication. RFC 2617 standard.
2) Digest authentication. RFC 2617 standard.
I will add: changes with this scheme, unlike 1), will affect both client and server. Client and server add random values to requests and responses to eliminate reuse vulnerabilities, and also introduce an "expiration" mechanism for the password fingerprint.
3) Token authentication.
4) Digital signature (public/private key pair).
5) Certificate authentication.
6) OAuth 2.0. RFC 6749 standard. There are 4 "modes" in this scheme. One of them works like 3). Which one is suitable and when is well described in the book "Getting Started with OAuth 2.0".
