wood burning stoves 2.0*
The moose likes Ruby and the fly likes Security with REST Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Languages » Ruby
Bookmark "Security with REST" Watch "Security with REST" New topic
Author

Security with REST

Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper

Joined: Aug 26, 2006
Posts: 4968
    
    1

Security of remote calls is always an issue at architecture review boards. What are currently the best ways to secure remote communications with REST?
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
As far as security goes, securing a RESTful web application isn't that different from securing a non-RESTful web application. For example, the transport layer is the same so you can use SSL. In Rails, you can use filters around controllers to enforce authentication/authorization regardless of whether or not the controller is RESTful.

Having said that, I don't have much experience with Rails and I'd be curious to hear from Ben how he sees this.


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Ben Scofield
author
Greenhorn

Joined: May 20, 2008
Posts: 29
Lasse, your answer is exactly correct. You can protect RESTful services just as you protect your standard applications.

The only thing I'd add is that you can also use HTTP Basic authentication if you like - it's built into Rails as of version 2.0, and works very nicely for some scenarios.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Security with REST