Personal Project

Friday, June 3, 2016

Is OAuth secure enough for a REST API?

The OAuth protocol is widely used to authorize users who log in through a third party. Some well-known social gaming platform companies such as Line, Mobage, Gree, and DMM have also adopted this technology when building their REST APIs.

You might have a question: is it secure enough to rely on OAuth alone for a REST API?

From my experience, the answer is no.

Even if you adopt OAuth 2.0 in your REST system, it can still be vulnerable to a man-in-the-middle attack. OAuth 2.0 runs over HTTP, and its bearer tokens are only as secret as the channel that carries them; the specification (RFC 6749 and RFC 6750) therefore requires TLS for the token endpoint and for every request that presents a token. If you do not set up TLS and serve the API over plain HTTP, an attacker on the network path can read the traffic and lift the access token, and, where the resource owner password grant is used, the username and password themselves, straight from the packets.
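To make the point concrete, the following is an added example, not code from this post or from the GitHub template it links to. It parses two constructed plaintext HTTP requests (a password-grant token request and an API call carrying a bearer token; the host, token and credentials are made up) to show exactly what a passive wiretap recovers, and then shows the resource-server guard that refuses to evaluate a bearer token at all unless the request arrived over TLS.

```python
"""Added example (not the original post's code or its GitHub template).

It shows two things about an OAuth 2.0 REST API served over plain HTTP:
  1. what a passive on-path attacker recovers from the wire (sniff_secrets), and
  2. the resource-server guard that refuses bearer tokens on a non-TLS
     channel before even looking at the token (authorize_request).
All requests, tokens and credentials below are constructed for the example.
"""
import hmac
import re
from urllib.parse import parse_qs

# Constructed: a resource-owner-password token request, as sent over HTTP.
TOKEN_REQUEST = (
    b"POST /oauth/token HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"grant_type=password&username=alice&password=hunter2&client_id=app"
)

# Constructed: an API call carrying the bearer token the client was issued.
API_REQUEST = (
    b"GET /api/profile HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA\r\n"
    b"\r\n"
)

# Constructed token store for the resource server (token -> subject).
VALID_TOKENS = {"2YotnFZFEjr1zCsicMWpAA": "alice"}


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.decode("latin-1")


def sniff_secrets(raw: bytes) -> dict:
    """Everything a passive attacker gets from one plaintext request.

    Over HTTP the bearer token *is* the credential: replaying it is enough to
    act as the user until it expires. A password-grant request leaks the
    password itself.
    """
    _method, _target, headers, body = parse_http_request(raw)
    leaked = {}
    m = re.match(r"Bearer\s+(\S+)", headers.get("authorization", ""), re.I)
    if m:
        leaked["access_token"] = m.group(1)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body)
        for key in ("username", "password", "client_secret", "refresh_token", "code"):
            if key in form:
                leaked[key] = form[key][0]
    return leaked


def authorize_request(raw: bytes, scheme: str):
    """Resource-server guard. `scheme` is the transport the request arrived on
    (behind a reverse proxy this would come from a trusted X-Forwarded-Proto).

    Returns (status, detail).
    """
    # RFC 6750 requires TLS for bearer tokens: refuse before touching the token,
    # so a stray plain-HTTP listener cannot be used to harvest valid tokens.
    if scheme != "https":
        return 403, "tls_required"
    _method, _target, headers, _body = parse_http_request(raw)
    m = re.match(r"Bearer\s+(\S+)", headers.get("authorization", ""), re.I)
    if not m:
        return 401, "no_bearer_token"
    presented = m.group(1).encode("utf-8")
    # Compare against every stored token in constant time rather than with a
    # dict lookup, so response timing does not reveal how much of a token matched.
    subject = None
    for token, who in VALID_TOKENS.items():
        if hmac.compare_digest(token.encode("utf-8"), presented):
            subject = who
    if subject is None:
        return 401, "invalid_token"
    return 200, subject


if __name__ == "__main__":
    print("leaked from token request:", sniff_secrets(TOKEN_REQUEST))
    print("leaked from API call:     ", sniff_secrets(API_REQUEST))
    print("same call over http:      ", authorize_request(API_REQUEST, "http"))
    print("same call over https:     ", authorize_request(API_REQUEST, "https"))
```

The scheme check comes first on purpose: rejecting plain-HTTP requests before validating the token means a token that was accidentally sent in the clear is never "confirmed" as valid by a 200 response, and it gives operators a loud signal (403 rather than a successful call) when a client or proxy has been misconfigured. The linear constant-time scan over the token store is fine for a demo; a real deployment would look up a hash of the token instead.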

In terms of development, it is actually very easy to build a secure, high-performance REST API server using the Spring framework. I already created a very simple template on GitHub. You just need to configure some settings and modify the Java API controller files as needed.

The source code of the Secure REST API Server can be seen here.
