http://cemerick.com/2010/02/19/securing-web-services-in-a-world-with-few-options/ Against all odds. Wed, 08 Feb 2012 21:48:51 +0000 hourly 1 http://wordpress.com/ http://cemerick.com/2010/02/19/securing-web-services-in-a-world-with-few-options/#comment-459 Sun, 20 Mar 2011 01:41:35 +0000 http://cemerick.com/?p=318#comment-459 [...] Thanks cemerick. Maybe HTTP authentication (basic or digest) over SSL is good enough. Especially to avoid wasting resources and to just get it done.  Assuming I can avoid an ugly browser authentication dialog, which is what I’m going to look into next… Prelude We’re building a web service for which we aim to charge money. Further, the data being pushed around may be confidential or otherwise of a sensitive nature. We have good reasons to do everything we can to ensure that the service is secured “properly”: We don’t want to have customers charged for work that is requested by a bad actor exploiting a security hole (of course, we’d issue a refund and an apology in such a case, but the impact to … Read More [...]

]]>