Hi Peter, I'm reading up on http authentication, and maybe I just need it to digest.
I understand how it passes creates the user/pass string and passes it and decodes it, and if I want true encryption to use SSL.. BUT, is it just passing a username/password form field? My app has a username/password database. Would I just use the username/password values sent via httpAuth the same I would if someone submitted username/password via a form field? On Tue, Jul 24, 2012 at 11:30 AM, Peter J. Farrell <[email protected]> wrote: > Matthew Woodward said the following on 07/23/2012 02:16 PM: > >> And don't forget since this is just HTTP you can secure this in the web >> server using anything available at that level as well. > > In the world, you'll see all sorts of made up login / security schemes for > REST. Really all they do is annoy the developer trying to use your API. > The best, simplest and foolproof method is to use Basic HTTP authentication > over SSL. Basically all languages (and I'd like to hear of one that > doesn't) supports sending Basic HTTP Auth credentials. And all decent tools > command line should too (like Curl, etc.). > > -- > Peter J. Farrell > OpenBD Steering Committee / Mach-II Lead Developer > [email protected] > [email protected] > http://blog.maestropublishing.com > Identi.ca / Twitter: @maestrofjp > > > -- > online documentation: http://openbd.org/manual/ > http://groups.google.com/group/openbd?hl=en -- online documentation: http://openbd.org/manual/ http://groups.google.com/group/openbd?hl=en
