Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I have an HTML5 web app that fetches data using jQuery from a REST Java API. I have two questions:
How can I encrypt data on the server and decrypt it locally with a different key for each user? Where can I store this key on the client side? Is it needed, or is it enough to just secure the REST service call with some authentication method?
Is there any standard way to prevent other REST clients (except browsers) from hitting this REST API?
Use HTTPS.
Use authentication so you know who is hitting it - OAuth, client certificates, session token - but there's nothing you can really do to prevent anything other than a browser accessing it. You could make it harder by rapidly recycling the authentication token using JavaScript (but this will break in horrible ways if the user opens more than one window).
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
So RESTful APIs are stateless wherein the server does not store any state about the client session on the server side.
And consistent hashing in load balancing is used to associate a client with a server, i.e., all requests from a given client will be directed to a given server only (amongst a group of servers) because that server has some data stored in it about that client.
So, if our server uses RESTful APIs then is there no need for consistent hashing while load balancing?
Not necessarily. While RESTful APIs are stateless, your server isn't. Server-side caching doesn't violate the constraints of REST. If a server is able to keep information from a client in its cache, it could make a significant difference if future requests are made to that server instead of to another one which may need to perform more work to retrieve the client's data.
It is very situational, however, so I can't speak to your specific server setup!
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I need to launch an application on a remote system from Java. I know the IP address and the location of the executable batch file on the remote system. I am trying to get it done with PSExec but I can't seem to get it to work due to domain issues.
One suggestion was to use a REST API instead. I don't see any info on using REST to launch an application. Can anyone tell me if this is possible?
REST is about resource state manipulation via their representations on top of stateless communication between client and server. REST is an architectural style and it's protocol independent but, in practice, it's commonly implemented on top of the HTTP protocol.
Can I use REST APIs to remotely launch an application?
If you can represent your application state as a resource, then you can probably create a REST API to manage it.
In practice, your server can provide a set of URLs to locate the resources and their state can be manipulated via HTTP verbs and representations such as JSON and/or XML.
HTTP headers can be used to exchange some metadata about the request and response while HTTP status code should be used to inform the client regarding the status of the operation.
Keep it stateless by storing all session context in the client.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I am creating a Spring Boot web app using JHipster and MongoDB as the primary database. I need to implement OAuth2 for authentication along with a JWT token mechanism so that every request does not hit the database for authentication. How can I implement this mechanism?
MongoDB (or any database) is not particularly relevant to the JWT authentication since the JWT itself can be validated locally by the resource server using the public key of the authorization server without going to the database (as you say).
The key is using a JwtTokenStore.
I found this GitHub sample helpful: https://github.com/dsyer/spring-security-angular/tree/master/oauth2
I also created a basic JWT implementation with JHipster for you to look at. Here are the changes from what JHipster generated for me: https://github.com/sdoxsee/jwt-jhipster/commit/40090fcf4fab1b556ae28532c4ba8a33e70460c9
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
What are the best practices for creating a user authentication system for an iOS application? Any good tutorials or insights on the process are helpful (newbie).
Stormpath is an authentication and user management backend service aimed at developers. You manage your own collection of users, verify their logins, and assign users to groups (roles). Your app makes calls to their server.
Parse provides a Parse Social service that lets your app do user authentication through Facebook or Twitter. Parse is being acquired by Facebook (as of 2013-04), so I don't know what that means for their future.
Okta is another.
Mozilla Persona is quite promising, but may not yet be ready for the real world. There is an open-source kit for iOS named persona-ios. Read a discussion on How to use Persona in a native iOS app?.
User authentication and identity as a service seems to be a new but burgeoning field.
If you are using a third-party backend, StackMob, Parse, etc. all handle authentication. If you are rolling your own, then this project looks like a reasonable way to go: http://quickblox.com/developers/SimpleSample-users-ios.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
What are the best options to encrypt data on the iPhone?
I want to send the encrypted key over the network. Please suggest.
Unless you have a good understanding of cryptography use SSL/HTTPS. It's designed for transferring data securely over the net.
Assuming that you are connecting with a web server over HTTP, then install an SSL certificate on the web server and you will be able to use HTTPS. All you need to do in your code is change the URLs from http:// to https://.
If you need to add an additional layer of security, then I recommend that you look into the CommonCryptor library and using CCCryptorCreate/CCCryptorUpdate/CCCryptorFinal methods.
Unlike Mac OS X, iPhone doesn't have OpenSSL included. You can compile and add it in if you want, but HTTPS is far, far easier.
If you are using a socket connection, you can use TLS.
If you want to tread the hard way, check this out. You don't have to write a custom algo to encrypt/decrypt data. You may try out the encryption/decryption supported in the iOS.