Menu
I have a web site with users and their data accordingly.
What is the safest way to implement web services / API such that users' login credentials and in turn data are secure? oAuth isn't really an option, because usage will not necessarily be in other web apps.
My concern is that having the username and password as an input is dangerous to be transmitted plainly, and a token could also be stolen and reused maliciously.
Do I need to come up with my own method of encrypting and decrypting data, or is there a common practice(s) already in use?
The whole point is that it's as open as possible for anyone in the world to use, but safe by definition nonetheless. Documentation will be available to everyone to use.
641
There's always the WS-Security standard:
WS-Security (Wikipedia)
.NET has its implementations in .NET 1.1 and .NET 2.0 via the Microsoft Web Service Enhancements:
WSE 2.0 (.NET 1.1)
WSE 3.0 (.NET 2.0)
It provides various methods on encrypting the SOAP Envelope before it is sent over the wire, safely transmitting the data inside.
192
What about using an SSL connection?
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
