Because a RESTful web service is addressed through HTTP URL paths, it must be safeguarded in the same way as a website. The following best practices should be followed while designing a RESTful web service −
- Validation − Validate all inputs on the server, never only in the client. Protect your server against SQL or NoSQL injection attacks by using parameterized queries and by rejecting any input that does not match the expected type, length and format.
- Session based authentication − Authenticate the user on every request to a web service method, for example with a session token issued at login. Never assume that an earlier request already proved who the caller is.
- No sensitive data in URL − Never put a username, password or session token in the URL: URLs are written to server and proxy logs, browser history and Referer headers. Pass these values to the web service in the body of a POST request or in an HTTP header such as Authorization.
- Restriction on Method execution − Allow each HTTP method (GET, POST, DELETE, ...) only for the resources and operations it is meant for, and reject the rest with 405 Method Not Allowed. A GET request must never be able to create, change or delete data; GET is expected to be safe, and caches, crawlers and browsers replay it freely.
- Validate Malformed XML/JSON − Check that the input passed to a web service method is well formed before processing it, and reject anything that does not parse with 400 Bad Request instead of letting the parser error propagate into the handler.
- Throw generic Error Messages − A web service method should report failures with the appropriate HTTP status code, such as 403 Forbidden for denied access, and a generic message. Stack traces, database errors and other internal details belong in the server log, never in the response.
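The following is an added example that is not part of the original post: a single request handler that applies all of the practices above to two resources, /login and /users. Everything in it is constructed for illustration, including the in-memory SQLite table, the dict that stores session tokens, the one hard-coded user with a plaintext password (a real service would store a password hash), and the function names handle, _parse_json and _valid_name. The handler refuses credentials in the query string, enforces which methods each path allows, authenticates every /users request from the Authorization header, rejects malformed JSON and invalid field values with 400, uses parameterized SQL throughout, and never echoes an exception to the caller.

```python
import hmac
import json
import secrets
import sqlite3

# Constructed, in-memory stand-ins for a real service: one SQLite table,
# a dict of session tokens, and one hard-coded user (plaintext password for
# brevity only; a real service stores a password hash).
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)")
_db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
_db.commit()

_sessions = {}                                   # session token -> username
_PASSWORDS = {"alice": "correct-horse-battery"}  # constructed credential

_ALLOWED = {"/login": {"POST"}, "/users": {"GET", "POST", "DELETE"}}
_REASONS = {400: "Bad Request", 401: "Unauthorized", 403: "Forbidden",
            405: "Method Not Allowed", 500: "Internal Server Error"}


def _error(status):
    """Generic error body: HTTP status and reason phrase only, no internals."""
    return status, {"error": _REASONS[status]}


def _parse_json(body):
    """Return a dict for a well-formed JSON object, otherwise None."""
    try:
        data = json.loads(body or "")
    except (ValueError, TypeError):
        return None
    return data if isinstance(data, dict) else None


def _valid_name(value):
    """Server-side validation: short alphanumeric identifier, nothing else."""
    return isinstance(value, str) and 1 <= len(value) <= 32 and value.isalnum()


def _user_list():
    rows = _db.execute("SELECT name FROM users ORDER BY name").fetchall()
    return 200, {"users": [r[0] for r in rows]}


def handle(method, path, query, headers, body):
    """Dispatch one request; returns (status, JSON-serialisable body)."""
    try:
        # No credentials or session tokens in the URL: the query string ends up
        # in logs, proxies and browser history, so refuse such requests outright.
        if query.keys() & {"username", "password", "token"}:
            return _error(400)

        # Method restriction per resource; a GET can never reach the delete path.
        if method not in _ALLOWED.get(path, set()):
            return _error(405)

        if path == "/login":
            data = _parse_json(body)
            if (data is None or not _valid_name(data.get("username"))
                    or not isinstance(data.get("password"), str)):
                return _error(400)
            expected = _PASSWORDS.get(data["username"], "")
            # Constant-time compare; same 401 for unknown user and wrong password.
            if not hmac.compare_digest(expected.encode(), data["password"].encode()):
                return _error(401)
            token = secrets.token_urlsafe(32)
            _sessions[token] = data["username"]
            return 200, {"token": token}

        # Every /users request is authenticated from the Authorization header.
        auth = headers.get("Authorization", "")
        user = _sessions.get(auth[7:]) if auth.startswith("Bearer ") else None
        if user is None:
            return _error(401)

        if method == "GET":
            return _user_list()          # read-only, whatever the query says

        data = _parse_json(body)         # malformed JSON -> 400
        if data is None or not _valid_name(data.get("name")):
            return _error(400)           # e.g. "bob' OR '1'='1" never reaches SQL
        if method == "POST":
            _db.execute("INSERT OR IGNORE INTO users (name) VALUES (?)", (data["name"],))
        else:  # DELETE
            _db.execute("DELETE FROM users WHERE name = ?", (data["name"],))
        _db.commit()
        return _user_list()
    except Exception:
        return _error(500)               # never echo the exception text
```

The two validation layers are deliberate: _valid_name rejects injection-shaped input before it is used, and the parameterized queries would keep the database safe even if a later field were validated less strictly. Note that a GET with a query such as action=delete still only lists users; deleting requires an authenticated DELETE with a well-formed JSON body.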