Reputation: 97
Secure web services using Symfony
So I have Symfony project which is also in charge of database abstraction and the data layer. In short - all data requests should go through it.
Now I want to have external components that will want to query / update stuff in the database, using web service API that I expose.
Question: How do I make sure these web services are running inside a secure channel? I don't want unauthorized users to update my database, and I don't want eavesdroppers get hold of sensitive data. Is setting up client authentication using PKI a viable option? or is it overkill? What's the way this is tackled?
Thanks! -DBG
Upvotes: 0
Views: 597
Answers (1)
Reputation: 11581
First of all, you if you have a limited number of service users, and know their ips, you can restict access to ceirtain urls by ips. Next, have a look at Practical symfony, where they embed an authentication token into the url.
Upvotes: 2
Related Questions
- Symfony2 authentication using a webservice
- Symfony2 secure whole controller
- Security In Symfony2?
- symfony working with Web Service
- Authentication via rest with symfony2
- Symfony2 authenticating users through a webservice
- Security in Symfony2
- How to implement Authentication as a Web Service (Symfony2, REST)
- Secure RESTful web service using Symfony2
- How to Secure an SOA style Symfony2 Application