• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

Security with REST

 
author and cow tipper
Posts: 5000
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Security of remote calls is always an issue at architecture review boards. What are currently the best ways to secure remote communications with REST?
 
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As far as security goes, securing a RESTful web application isn't that different from securing a non-RESTful web application. For example, the transport layer is the same so you can use SSL. In Rails, you can use filters around controllers to enforce authentication/authorization regardless of whether or not the controller is RESTful.

Having said that, I don't have much experience with Rails and I'd be curious to hear from Ben how he sees this.
 
author
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Lasse, your answer is exactly correct. You can protect RESTful services just as you protect your standard applications.

The only thing I'd add is that you can also use HTTP Basic authentication if you like - it's built into Rails as of version 2.0, and works very nicely for some scenarios.
 
Good heavens! What have you done! Here, try to fix it with this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic