Reputation: 9043
Secure Webservice?
I'm trying to create a secure webservice (that provides simple database data) with PHP that can be connected to through my Silverlight application. I don't know enough about PHP to be able to see another way to do this.
The webservice should only be accessible through the client, and only with the proper username/password.
The only two ways I can imagine to do this would be by passing the username/password hash via URL, or use a "hidden form" and do it via POST_.
I'm just trying to get past this point, I'm the sole developer on this project and I'm just trying to get past this PHP webservice part so I can get back to being an application programmer :)
Normally, I would learn PHP, but I'm on the clock, so I'm just looking for a point in the right direction on how to achieve this!
Upvotes: 3
Views: 1621
Answers (2)
Reputation: 305
Just use SSL and HTTP basic authentication, headers are encrypted so they won't see your username/password this way.
Upvotes: 1
Reputation: 53921
You put your service behind SSL, and send the username password in the clear.
You should use POST as the url may be cached along the way, showing your credentials.
You can use either json, xml or a query string (simple form post) to pass parameters.
That's it!
Upvotes: 6
Related Questions
- Securing a PHP webservice for application access only
- Web Service Authentication - PHP
- How to secure a php based webservice
- Securing a PHP Web service (SOAP)
- Secured ASP.NET web service and php
- Securing PHP web service calls
- secured web service php/json
- how can i implement Web Service Security?
- Security when writing a PHP webservice?
- Webservice security - What is the best option?