0

I have created a RESTful web service in Java that is consumed by an Android application. The work is almost done.

Now I feel the need to secure my web-service. I don't want to send a login and password for that purpose, because I'm already asking the user for it, and testing whether he exists in my database or not. What I want is to encrypt exchanged data.

Do you have any idea how I can integrate that?

Abhijit Chakra
ashabasa
  • Do you really need to encrypt the data at a higher layer or is it sufficient to use ssl/tls in the first place? I'd recommend the latter. – Fildor May 22 '13 at 11:26
  • I need basic security. I think SSL/TLS would be sufficient. But I really don't know where to start from! I have no experience with security! Can you recommend me a tutorial or whatever...? Thanks for the feedback! – ashabasa May 22 '13 at 11:32
  • I agree with @Fildor. If you use SSL, then your transmission will be secured with a standard, easy to use, and widely supported method. If you try to one-off, then you have to worry about either storing a key in the app, which risks getting deciphered over time, or coming up with some way to exchange keys, which is basically what SSL is doing. – CodeChimp May 22 '13 at 11:34
  • @ashabasa, Most of the steps depend on what web server you are using. – CodeChimp May 22 '13 at 11:37
  • Can you tell us what server you are using? – Fildor May 22 '13 at 11:42
  • Use SSL. Otherwise you'd need to encrypt/decrypt individual files on each end. – Hot Licks May 22 '13 at 11:42
  • http://stackoverflow.com/questions/853620/secure-web-services-rest-over-https-vs-soap-ws-security-which-is-better – Marcus Adams May 22 '13 at 12:21
  • I'm using Apache Tomcat server. And I'm developing the web service with Java – ashabasa May 22 '13 at 12:33

1 Answer

4

I recommend you use HTTPS for your needs. SSL/TLS provides better encryption and decryption over HTTPS, and you don't need to reinvent the wheel for this basic purpose. If you are using Tomcat to host REST web services, then here is a simple tutorial to turn on SSL in Tomcat.

Look at this one also.

Luke Paul
  • After configuring Tomcat to support SSL or HTTPS, is there any code to write...? – ashabasa May 22 '13 at 14:29
  • So basically, the steps I need to follow are this tutorial: http://www.mkyong.com/tomcat/how-to-configure-tomcat-to-support-ssl-or-https/ to configure SSL in my Tomcat, then call the web service using https instead of http? – ashabasa May 23 '13 at 13:51
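
The setup discussed in this thread, as an added configuration example that is not part of the original answer or of the linked tutorial: a Tomcat HTTPS connector plus a `web.xml` constraint so that the REST application is never served over plain HTTP. The ports are Tomcat's usual defaults, the keystore path and password are placeholders, and the connector attributes are the ones used by Tomcat releases of the time of the question (newer releases express the same settings through a nested `SSLHostConfig` element).

```xml
<!-- conf/server.xml: HTTPS connector (constructed example).
     keystoreFile and keystorePass are placeholders; point them at the
     keystore created while enabling SSL on the server. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/keystore"
           keystorePass="CHANGE_ME" />

<!-- conf/server.xml: the plain HTTP connector. redirectPort tells Tomcat
     where to send requests that require a confidential transport. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- WEB-INF/web.xml of the REST application: require TLS for every URL,
     so a request arriving on port 8080 is not answered in clear text. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>REST API</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With the constraint in place Tomcat redirects an `http://` request to the HTTPS port instead of serving it, but that first request has already crossed the network unencrypted. The Android client should therefore be given the `https://` URL directly, so that login data is never sent in the request that gets redirected.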