I concur with Mitch, RESTful authentication is done per request -- there are
lots of good ways to do it; if each request contains sufficient information to
be independently authenticated and acted upon by the server, it's RESTful.
It sounds from your description that you might be building
I have only just started musing over the very same idea. In my
thinking the URLs would be much more readable. The core user resource
would be something like http://example.com/users/{uname}. To use this
for authentication purposes, an application would receive credentials
from the user,
No, SSL operates at the transport layer. It is not sniffable in transit.
One highly undesirable feature, though, is that it will be recorded in
logfiles, which are generally not treated with care.
- Original Message -
From: Mitch Stewart [EMAIL PROTECTED]
To:
Well, I told you I only just started noodling. You're absolutely right
of course.
Another solution that comes to mind is to mimic LDAP. In this case,
the authenticating application actually binds to the user resource as
the authenticating user using Basic/SSL. This keeps the user's
Googling... Googling... Rob's right. The URL will not be visible if SSL
is in use. His latter point is valid though. So my second suggestion
is currently feeling better.
Pete
Rob Heittman wrote:
No, SSL operates at the transport layer. It is not sniffable in transit.
One highly
Thanks Rob for the clarification, it seems the URL/query parameters are
encrypted before any data is sent.
Mitch
-Original Message-
From: Peter Lacey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 02, 2007 3:13 PM
To: discuss@restlet.tigris.org
Subject: Re: Restful