I'm working on a soap webservice that needs some basic authentication.
So the idea is to just require that all webservice methods contain a username and password parameter, and then verify that those values exist in our users database:
public String[][] someWebserviceMethod(String username, String password) throws FailedLoginException {
// Verify that user with username and password exists
//do database stuff and return data
}
This does raise a problem on the client side. After the user initially logs in to the application, we'll need to store the username and password in memory as plain text. Is that acceptable? If not what is the preferred method?
Also, my webservice will be hosted on https. Does this ensure that the password is securely encrypted when the client sends a soap request?
Edit: Would a sessionID work? I've never implemented one without a framework or web server doing it for me. Maybe something like this:
Yes HTTPS - S stands for secure and it encrypts all communication. But u can always use some other encryption methods like MD5, SHA-1 and more common ones. If you are doing this for some basic training it's ok to store the data in plain text /json without any encryption, otherwise check out these hash functions:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.