On Wed, Oct 15, 2014 at 11:18 AM, Ayesha Dissanayaka <[email protected]>
wrote:

> Hi all,
>
> I have implemented ES Publisher REST API in order to access and perform
> CRUD operations on ES-BackOffice.
>
> Each endpoint is authenticated by a valid Session-ID, passed to the
> endpoint in request header.
>
> In order to obtain a session-ID we have implemented a separate
> authenticate REST endpoint. A user can send username and password in the
> POST request to this endpoint and if credentials are valid a session-id
> will be returned.
>
> Currently, no encryption or other (basic-auth/oauth) authorization
> mechanism is yet implemented.
>
> What would be the lightweight and best way to secure this 'authentication'
> endpoint? Is there a particular wso2 way of doing this?
>
I assume you need to get a recommendation for securing all the REST APIs,
whether to use OAuth, Basic Auth etc. as you have secured it based on the
cookie, right??

Anyway, in order to secure the auth endpoint, you will have to at least use
HTTPS.

>
> Thanks!
> - Ayesha
>
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: [email protected] <[email protected]>
>



-- 

*Ruchira Wageesha*
*Associate Technical Lead*
*WSO2 Inc. - lean . enterprise . middleware |  wso2.com <http://wso2.com>*

*email: [email protected] <[email protected]>,   blog:
ruchirawageesha.blogspot.com <http://ruchirawageesha.blogspot.com>,
mobile: +94 77 5493444*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
