I’ve had this REST Server (written by myself) that is secured by simple HTTP Authentication.
Now I re-wrote the app using backbone.js and I am unsure how to go about authenticating my client. If I do it in JS, user/pass would be visible.
So how should I modify my server or my client side JS to be secure?
Previously I just gave user & pass in PHP for each request to the REST Server. Please guide me, thanks.
Okay, I had a discussion with my colleague and came up with the best idea so far:
Make a simple controller on your client side (site) and name it RESTAPI; it will just act as a wrapper around your actual REST Server.
When a user logs into your site, his session gets created. The RESTAPI controller knows the credentials to your HTTP Authed actual REST server and it hits the REST Server on Backbone’s behalf.
Example: If I have to fetch
from the REST Server, now instead I’ll hit this URL in the Backbone collection
The RESTAPI controller also first checks that the requesting user has a proper session on the site and whether he is allowed to fetch the resource or not.
So no worries about insecure cookies or leaving your REST Server pass in plain JS or using any other obscure method 🙂
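A sketch of the RESTAPI wrapper described in this answer, written as a PHP controller (an added example, not the asker's own code). It assumes a PHP session that holds `user_id` and `role` after login, the upstream REST server's base URL and Basic-auth credentials in environment variables, and a GET-only allow-list of resources so the wrapper cannot be used to reach arbitrary upstream URLs.

```php
<?php
// Hypothetical restapi.php: server-side wrapper between the Backbone client
// and the HTTP-Authed REST server. Credentials never reach the browser.
session_start();

define('REST_BASE', 'https://rest.internal.example/'); // placeholder upstream base URL
$restUser = getenv('REST_USER');                       // assumed env vars holding the
$restPass = getenv('REST_PASS');                       // upstream Basic-auth credentials

// 1. Session check: only logged-in site users may use the wrapper.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit;
}

// 2. Authorization + allow-list: each resource name maps to a rule deciding
//    whether this session may read it. Unknown resources are rejected.
$allowed = [
    'posts'   => fn(array $s) => true,
    'reports' => fn(array $s) => ($s['role'] ?? '') === 'admin',
];
$resource = $_GET['resource'] ?? '';
if (!isset($allowed[$resource]) || !$allowed[$resource]($_SESSION)) {
    http_response_code(403);
    exit;
}
$id = $_GET['id'] ?? '';
if ($id !== '' && !preg_match('/^[A-Za-z0-9_-]+$/', $id)) { // reject path tricks like ../
    http_response_code(400);
    exit;
}
$url = REST_BASE . $resource . ($id !== '' ? '/' . rawurlencode($id) : '');

// 3. Forward the GET to the real REST server with Basic auth (server-to-server).
$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
    CURLOPT_USERPWD        => $restUser . ':' . $restPass,
    CURLOPT_TIMEOUT        => 10,
]);
$body   = curl_exec($ch);
$status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);

// 4. Relay the upstream status and body to the Backbone collection.
http_response_code($body === false ? 502 : $status);
header('Content-Type: application/json');
echo $body === false ? '{"error":"upstream unavailable"}' : $body;
```

The Backbone collection then points its `url` at `restapi.php?resource=posts` instead of the REST server, and the browser only ever carries the site session cookie.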