
Hello, I'm developing a mobile client that will consume some exposed REST web services. But before that we need to add security to them. I have been looking at HTTP Basic and Digest Authentication; however, since I cannot use an HTTPS connection, I don't think this would be the best approach to securing my resources... Other posts have suggested using session cookies for the authorization... but in that case, how could I avoid sending the raw password through my connection while authenticating?

Pablo

1 Answer


This question on restful authentication might have what you are looking for. Authenticate once and have the server store a session-independent cookie containing an encrypted key for future authentication. The only issue then is performing the first authentication without using plain text. Basic & Digest will hash the credentials for you but are still not entirely secure if not over secure communications.

willscripted