Win a copy of Succeeding with AI this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Junilu Lacar
  • Tim Cooke
  • Jeanne Boyarsky
  • Knute Snortum
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • salvin francis
  • fred rosenberger
  • Frits Walraven

Security with REST

author and cow tipper
Posts: 5000
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Security of remote calls is always an issue at architecture review boards. What are currently the best ways to secure remote communications with REST?
Posts: 11962
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as security goes, securing a RESTful web application isn't that different from securing a non-RESTful web application. For example, the transport layer is the same so you can use SSL. In Rails, you can use filters around controllers to enforce authentication/authorization regardless of whether or not the controller is RESTful.

Having said that, I don't have much experience with Rails and I'd be curious to hear from Ben how he sees this.
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lasse, your answer is exactly correct. You can protect RESTful services just as you protect your standard applications.

The only thing I'd add is that you can also use HTTP Basic authentication if you like - it's built into Rails as of version 2.0, and works very nicely for some scenarios.
If you two don't stop this rough-housing somebody is going to end up crying. Sit down and read this tiny ad:
Two software engineers solve most of the world's problems in one K&R sized book
    Bookmark Topic Watch Topic
  • New Topic