thanks guys! I found this interesting post that seems to address exactly what I need:
http://www.whatcodecraves.com/articles/2008/11/25/how_to_make_an_api_for_a_rails_app/

On Jan 13, 2:38 pm, "Andrew Timberlake" <[email protected]> wrote:
> On Tue, Jan 13, 2009 at 3:20 PM, phil <[email protected]> wrote:
>
> > Sorry... what? Your answer is somewhat cryptic...
>
> > Are you recommending http basic?
>
> > On Jan 13, 1:16 pm, Frederick Cheung <[email protected]>
> > wrote:
> > > On 13 Jan 2009, at 11:08, phil wrote:
>
> > > > isn't that a security hole?
> > > > Is there a way around this with some sort of authentication on the
> > > > method? (http basic for instance)?
> > > > Could I do what you suggest but then also code the method to use that?
>
> > > You're not going to want to have csrf tokens and what not for an api.
> > > It doesn't make any sense. Use http basic, restrict it to requests
> > > from the internal network, use api tokens etc... etc...
> > > The world is your oyster.
>
> > > Fred
>
> request forgery protection is to protect against things like cross-site
> scripting.
> For an API, you should probably be protecting requests via an authentication
> method which could include http basic authentication, you could also use an
> API token where a unique (to the user of the API) token is sent with every
> request.
>
> --
> Andrew Timberlake
> http://ramblingsonrails.com
> http://www.linkedin.com/in/andrewtimberlake
>
> "I have never let my schooling interfere with my education" - Mark Twain

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
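The per-user API token approach suggested in the thread, sketched as a Rack-style middleware. This is an added example, not code from the thread or the linked article; the class name `ApiTokenAuth`, the `Authorization: Bearer <token>` header format, the `api.user` env key and the in-memory token store are assumptions.

```ruby
require 'digest'
require 'securerandom'

# Added example: Rack-style middleware that authenticates API calls with a
# per-user token instead of a CSRF token. Names here are hypothetical.
class ApiTokenAuth
  def initialize(app)
    @app = app
    @users_by_digest = {} # constructed in-memory store: SHA-256(token) => user
  end

  # Issue a random token; only its digest is kept, so a leaked store
  # does not reveal usable tokens.
  def issue_token(user)
    token = SecureRandom.hex(32)
    @users_by_digest[Digest::SHA256.hexdigest(token)] = user
    token
  end

  # Rack entry point: reject with 401 unless a known token is presented.
  def call(env)
    user = authenticate(env['HTTP_AUTHORIZATION'])
    unless user
      headers = { 'Content-Type' => 'text/plain', 'WWW-Authenticate' => 'Bearer realm="api"' }
      return [401, headers, ['unauthorized']]
    end
    @app.call(env.merge('api.user' => user))
  end

  # Assumed header format: "Authorization: Bearer <token>".
  def authenticate(header)
    scheme, token = header.to_s.split(' ', 2)
    return nil unless scheme.to_s.casecmp?('Bearer') && token
    candidate = Digest::SHA256.hexdigest(token.strip)
    match = nil
    @users_by_digest.each { |digest, user| match = user if secure_compare(digest, candidate) }
    match
  end

  private

  # Compare without returning early on the first differing byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Because the token travels in a request header rather than a cookie, a browser does not attach it automatically to cross-site requests, which is why the API endpoint does not need a CSRF token.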

