stackoom
  简体   繁体   中英

API Token Authentication - Security issue

 原文  2019-11-25 05:04:56       rest/ api/ asp.net-web-api

Question

For token based authentication for any service, first we have to send username/password in the request. Doesn't this cause security issue? How can we overcome this security issue of passing username/password?

1 answers

solution1
 0 ACCPTED  2019-11-25 05:08:13

The initial request which contains the username and password is no more or less secure than subsequent requests which would instead be bearing some sort of token. The solution to this problem, really to sending any type of information across the network, is to use two way SSL/HTTPS. With HTTPS, information being sent gets encrypted on the client machine, and then (in theory) only the server would be able to read what is contained. So, sending the plain text username and password might seem insecure, but if using HTTPS, then in fact it is secure.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Rest API JWT token based authentication security | laravel/dingo/jwt Spring Security - Token based API auth & user/password authentication Spring Security 3.2 Token Authentication RESTful API Authentication & Security REST API token authentication Rest API with authentication token Spring Security Authentication with REST API? Spring Security authentication for a REST API WCF: Authentication Service or token-based security? Sentry api authentication issue
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM