
Replies: 5    Views: 104

CMCOFFEE
Android Fan
Posts: 2017
Reg: Jan 04, 2013
Amarillo, Texas
26,670
04/21/15 10:56 AM (9 years ago)

Making a secure Web service

I want to be able to access data from my server securely from the app. What is the best approach? From searching the web, I've mostly seen OAuth 2.0. What do you all think?
 
SmugWimp
Smugger than thou...
Posts: 6316
Reg: Nov 07, 2012
Tamuning, GU
81,410
04/21/15 08:46 PM (9 years ago)
Wouldn't SSL work ok? Just curious... Cheers! -- Smug
 
CMCOFFEE
04/22/15 08:02 AM (9 years ago)
That's what I was thinking. Then from Stack Overflow posts I've seen people suggest OAuth too, so I'm not sure.
 
SmugWimp
04/22/15 02:42 PM (9 years ago)
How valuable is the data? That would probably be my biggest factor. If it's for a paid product, I'd want a little more security than normal. But it seems reasonable to assume that if you used a user/pass with SSL it would be 'at least' as secure as the web it's hosted on, and hopefully that would be enough. Without much additional code or work. I hope, lol! Just my 2¢ Cheers! -- Smug
 
CMCOFFEE
04/22/15 06:46 PM (9 years ago)
Cool, thanks. I'm going to do that.
 
Niraj
buzztouch Evangelist
Posts: 2943
Reg: Jul 11, 2012
Cerritos
37,930
04/25/15 09:26 AM (9 years ago)
It's four things to manage:
1. Authentication -- are you the right person?
2. Access Control -- what is your role and what permissions do you have? What actions are you allowed to do? To what data?
3. Data in transit -- does the data in motion between Server and Client need to be encrypted?
4. Data at rest -- what Server data and Client data need to be encrypted on the drives?

With those questions, your security posture gets defined. Then you can put in the appropriate mechanisms for that security model. Does that help? Let us know as you ponder and discover and implement!
-- Niraj
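
As an added illustration (not part of the thread, and not buzztouch code), here is a minimal server-side check for the user/pass-over-SSL approach that maps onto the four questions in the list above. The user store, role table, function names and status codes are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    # 4. Data at rest: store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def basic_header(user, password):
    # What the app would send in the Authorization header (HTTP Basic).
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample data: one user, and a role -> allowed (method, resource) table.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT), "reader")}
PERMISSIONS = {"reader": {("GET", "/orders")},
               "admin": {("GET", "/orders"), ("DELETE", "/orders")}}

def authorize(scheme, auth_header, method, resource):
    """Return the HTTP status the service should answer with."""
    # 3. Data in transit: never accept credentials that arrived over plain HTTP.
    if scheme != "https":
        return 400
    # 1. Authentication: parse "Basic base64(user:pass)" and verify the password.
    kind, _, token = auth_header.partition(" ")
    if kind.lower() != "basic":
        return 401
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return 401
    user, sep, password = decoded.partition(":")
    salt, stored, role = USERS.get(user, (b"\0" * 16, b"", None))
    # Hash even for unknown users so response time does not reveal valid names.
    candidate = hash_password(password, salt)
    if not sep or role is None or not hmac.compare_digest(candidate, stored):
        return 401
    # 2. Access control: the authenticated role must allow this action on this data.
    if (method, resource) not in PERMISSIONS[role]:
        return 403
    return 200
```

The 401 and 403 answers are deliberately separate: the first means "we don't know who you are", the second "we know who you are, and you may not do this".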
 
