On Fri, Nov 2, 2012 at 12:06 AM, Rajiv Yadav <rajivyada...@gmail.com> wrote:
> Hi, I am developing an application which uses restful services (about
> 30 restful methods; some are using "get" and some are "post").
> It is working fine, but in each call throughout the application I need to
> send some secure data (like username, password in some encrypted form).
>
> My question is: is there any secure way for this? Please suggest.

Yes. You log in to the application once with a {username, password} pair. You never use the {username, password} again in a request (until the server expires the session). If the server expires the session, then you have to log in again.

In return for a successful log in, you get a token to use on future requests. This is coarse grained entitlements (can you use the application?).

When a request arrives at the server for services, the request includes the token. The server provides the mapping between token->user. This is fine grained entitlements (can the user access the resource?).

If I see a web app cross my desk that uses {username, password} in each request, then I boot the application immediately. Just giving you fair warning here since I'm not the only guy who will deny such an application.

Jeff
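
The flow described in the reply above, as an added server-side sketch that is not part of the original message: credentials are checked once at login, and every later request is authorized from the token alone. The names (`login`, `authorize`, `SESSION_TTL`, `USERS`, `ACL`), the 15-minute lifetime, the sample account and storing only a hash of the token are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 900  # seconds until the server expires a session (assumed value)

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _key(token):
    # Only a hash of the token is kept, so a leaked session table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample data: one account and the resources it may access.
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}
ACL = {"alice": {"/notes"}}
SESSIONS = {}  # sha256(token) -> (user, expiry timestamp)

def login(user, password, now=None):
    """Coarse-grained check: the only place the password is ever presented."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(user, (b"\x00" * 16, b""))
    if not hmac.compare_digest(_hash_pw(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)  # unguessable, carries no user data
    SESSIONS[_key(token)] = (user, now + SESSION_TTL)
    return token

def authorize(token, resource, now=None):
    """Fine-grained check: map token -> user, then user -> resource."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(_key(token))
    if entry is None:
        return 401  # unknown token: client must log in
    user, expiry = entry
    if now >= expiry:
        del SESSIONS[_key(token)]  # expired: forget it, client must log in again
        return 401
    return 200 if resource in ACL.get(user, ()) else 403

if __name__ == "__main__":
    t = login("alice", "correct horse")
    print(authorize(t, "/notes"), authorize(t, "/admin"), authorize("bogus", "/notes"))
```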