Menu
I apologize if my questions seems to be repetitive but I couldn't find a answer for this yet.
I am building a REST based application using Spring 3.0 and plan to deploy to Google App Engine eventually. Now my clients could be Native Android, iPhone, or a Web Based Client.
My users need to login using username and password stored in server inside a persistence layer. Now say my Android client opens the app and login screen is shown is user. Now user types in username and password.
I know it would be a post and say my service endpoint is registration. So it would be something like
POST /registration
Now I plan to put username and password in body of message in Json or XML format. My question is "is this the right way to do it?" I am planning to make it SSL but how should I really send this sensitive info like this in body . I plan to return an OAUth token on successful authentication and use that to validate the user in all future services calls.
Thanks in advance.
342
Sounds like you have the right idea. SSL should ensure whichever method you choose to send it in is secure.
Remember to salt + hash the passwords before storing them: web cryptography - salted hash and other tasty dishes
57
Use the authorization header for sending the username and password information. That's what it is there for.
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
