stackoom
  简体   繁体   中英

Critical Information In REST URI

 原文  2014-02-21 08:31:48       spring/ rest/ spring-mvc

Question

I am developing a Spring MVC web service. I am trying to use best practices of REST URI design. For example for getting an account the URI will be 

GET   http://blablabla.com/api/accounts/123

My question is what if the account number/id is critical information and must not be in URI. What is the best approach of URI design if the id that defines the resource is a critical information of a system. Should web service get the id in request header or body? Or hash the id and contain it in URI?

Thanks in advance.

2 answers

solution1
 1 ACCPTED  2014-02-21 08:40:38

If by "critical" you mean sensitive/secure, I'd keep URI design AS IS, and put whole session under HTTPS , that way it would be much harder for someone to eavesdrop on the URL itself. See for instance this question

If you mean that information is so sensitive that you don't even trust access logs in your own datacenter, then you have no choice other than put it into the body of the request. Headers are not for useful payload.

solution2
 0  2014-02-21 08:38:38

使用TLS和身份验证,您的痛苦就会消失。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring REST URI existence check Getting information for rest template Spring Data Rest modify Repository method URI External URI Post Gettoken REST SPRING JAVA only heat a URI, not wait for responce in Spring Rest Spring REST Service - Set the Root URI Consume REST Web Service from relative uri Spring REST-ful uri with optional querystring Accepting a Spring Data REST URI in custom controller Stream through methods to find Rest mapping information
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM