What is the proper way of passing a password to a web service via restful api (when a user is registering or just logging in)? How should I store it?
From what I was taught, I should only store hashes, for example MD5. But from what I can read on the Internet, it appears to be rather easy to just look up a hash in a "hash rainbow table" - so storing a hash would be equal to storing clear text. How to do it properly?
Info:
The way to pass username and password to a REST service is to use the basic authentication scheme over HTTPS. HTTPS should protect your password from being stolen in transit.
As I explain in my answer here, it's not a good idea to use basic authentication for your services. You would be better off using a Security Token Service (STS) and use bearer authentication.
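An added example, not code from either answer: a server-side check for the Basic scheme mentioned in the first answer, with passwords stored as per-user salted scrypt hashes instead of unsalted MD5, so a precomputed rainbow table does not apply. The function names, the `salt$hash` record format and the scrypt cost parameters are assumptions of this example, and the header is assumed to arrive over HTTPS.

```python
import base64
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex' with a fresh random salt for every password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt.hex() + "$" + digest.hex()

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode("utf-8"),
                            salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))

def parse_basic_header(header: str):
    """Parse 'Basic base64(user:pass)' into (user, password); None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    # Only the first colon separates user from password
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

# Hash checked for unknown users so response time does not reveal valid names
DUMMY_RECORD = hash_password("dummy")

def authenticate(header: str, user_db: dict) -> bool:
    """user_db maps username -> record produced by hash_password()."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    user, password = creds
    ok = verify_password(password, user_db.get(user, DUMMY_RECORD))
    return ok and user in user_db
```

Only the output of `hash_password()` is written to the user table at registration; the clear-text password is never stored.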