File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Ruby and the fly likes Security with REST Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Languages » Ruby
Bookmark "Security with REST" Watch "Security with REST" New topic

Security with REST

Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper

Joined: Aug 26, 2006
Posts: 4968

Security of remote calls is always an issue at architecture review boards. What are currently the best ways to secure remote communications with REST?
Lasse Koskela

Joined: Jan 23, 2002
Posts: 11962
As far as security goes, securing a RESTful web application isn't that different from securing a non-RESTful web application. For example, the transport layer is the same so you can use SSL. In Rails, you can use filters around controllers to enforce authentication/authorization regardless of whether or not the controller is RESTful.

Having said that, I don't have much experience with Rails and I'd be curious to hear from Ben how he sees this.

Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Ben Scofield

Joined: May 20, 2008
Posts: 29
Lasse, your answer is exactly correct. You can protect RESTful services just as you protect your standard applications.

The only thing I'd add is that you can also use HTTP Basic authentication if you like - it's built into Rails as of version 2.0, and works very nicely for some scenarios.
It is sorta covered in the JavaRanch Style Guide.
subject: Security with REST
It's not a secret anymore!