stackoom
  简体   繁体   中英

Passing a password to a web service and storing it

 原文  2015-05-27 17:00:37       c#/ postgresql/ security/ passwords

Question

What is the proper way of passing a password to a web service via restful api (when a user is registering or just logging in)? How should I store it?

From what I was thought, I should only store hashes, for example MD5. But from what I can read in the Internet it appears to be rather easy to just look up a hash in a "hash rainbow table" - so storing a hash would be equal to storing a clear text. How to do it properly?

Info:

  • .NET, C#
  • PostgreSQL

1 answers

solution1
 3 ACCPTED  2015-05-27 17:16:27

The way to pass username and password to a REST service is to use the basic authentication scheme over HTTPS. HTTPS should protect your password from being stolen in transit.

As I explain in my answer here , it's not a good idea to use basic authentication for your services. You would be better of using a Security Token Service ( STS ) and use bearer authentication

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Passing Json to the Web Service Add login and password to Web Service Trouble passing JSON to a Web service Passing a file upload to a web service Passing custom objects to a web service WCF: Passing Username and password to another service (No Https) Web Service Passing parameter Class Passing date to ASMX web service Passing lot of parameters into Web Service Passing an Xml from a Web Service
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM