I am planning an application that will have a web front end (maybe ember) but I want to keep my options open for a native desktop application and/or an android application. I would like the all of the backend logic to be exposed as a RESTful service. The problem that arises in my mind is about user authentication. Since a RESTful service can't keep state on the server, I would need to keep it on the client in javascript. However this is wildly insecure do to the fact that users have the ability to edit the javascript data. What is the correct way to make a client side application communicate with a RESTful backend? I realize that I could just store state on the server anyways(inside the session object), but i would like to follow the REST paradigm. What is the de facto solution for this problem? Thanks in advance.
Asked
Active
Viewed 51 times
2
-
Enable user authentication for your REST services. – Luiggi Mendoza Jul 25 '14 at 02:04
-
See http://stackoverflow.com/questions/6068113/do-sessions-really-violate-restfulness – Catchwa Jul 25 '14 at 02:23
-
@LuiggiMendoza Would you care to elaborate on that at all? – Justin Jul 25 '14 at 22:56