
Digest Authentication to access REST web services

Hello, I'm developing a mobile client that will consume some exposed REST web services. But before that we need to add security to them. I have been looking at HTTP Basic and Digest Authentication; however, since I cannot use an HTTPS connection, I don't think this would be the best approach to securing my resources... Other posts have suggested using session cookies for the authorization... but in that case how could I avoid sending the raw password through my connection while authenticating?

This question on RESTful authentication might have what you are looking for. Authenticate once and have the server store a session-independent cookie containing an encrypted key for future authentication. The only issue then is performing the first authentication without using plain text. Basic & Digest will hash the credentials for you but are still not entirely secure if not over secure communications.
