http - Most secure way to secure Jersey REST Services -


i'm looking advice. have system , running on amazon cloud instance bunch of rest services running on jboss. next step secure these services there credit card information flowing through them. need authentication question is, secure methods 1 can use rest services?

ssl ca certs of course encrypt data using ca i'll start of course. go daddy reputable this? or have shell out alot of money verisign?

for authentication, sufficient basic auth or maybe having caller sign request somehow? other methods?

oh forgot mention, client application ipad application. advice.

you want able protect man in middle attacks , prevent replaying of requests. time there payment related information being relayed opt signing request using nonce , timestamp. involves signing request using shared secret between client , server. secret can passed 1 time on login.

use timestamp , client generated unique nonce value part of signed bytes. these values passed headers in request server can reassemble request.

a typical request executed curl might this:

curl -v -h "content-type: application/json" -h "authorization: ff7b93ad-27d0-49f6-90bd-9937951e5fcc:ncyoa5n5s2nfsm7qyvf5hdgl4pmmpoup3zo/uyfaqkg=" -h "x-date:2013-03-28t19:34:00+00:00" -h "nonce:2d1321d32a" -x 'http://localhost/orders/123'

the authorization header contains id identify requester , hash of signed request. date header should within offset of server time (15 mins reasonable limit).

i have full code example here


Comments

Post a Comment

Popular posts from this blog

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

url - Querystring manipulation of email Address in PHP -

i using third party application (email2http) send me emailid, body , message. unable retrieve email id due name appended on , enclosed < , >. here querystring getting. test.php?from=ajay+reddy &subject=cx&body=somebody when print variable in php returns name , not email id. $from = $_get['from']; echo $from; //output ajay reddy please suggest me how can emailid also. i dont want use post method due testing , debugging. it's working fine. forgot use htmlentities() in debugging.
Read more