greptilian logo

IRC log for #rest, 2014-09-07

#rest on freenode has been logged here from May 2014 until end of July 2018 but logging has been suspended because the channel has been riddled with spam since August 2018 with no end in site. See the following blog posts about the problem:

Until the spam problem has been dealt with and logging can resume, please visit our wiki at https://trygvis.io/rest-wiki/

Thanks.

| Channels | #rest index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary

All times shown according to UTC.

Time S Nick Message
04:06 proteusguy joined #rest
04:15 fumanchu_ joined #rest
08:07 adaro joined #rest
10:02 Left_Turn joined #rest
11:04 DrCode joined #rest
13:28 adaro joined #rest
13:46 proteusguy joined #rest
14:09 liamkeily joined #rest
15:54 liamkeily joined #rest
16:03 _ollie joined #rest
18:17 _ollie joined #rest
18:27 _ollie joined #rest
18:55 liamkeily joined #rest
19:12 ruibrito joined #rest
19:26 ruibrito pdurbin: I have this web app, and I have to do some sort of authentication with a AWS account, my question is, should my user insert the credentials once (at login) and I save the credentials in the Web App for future operations until the logout. Or should my user send the credentials information for every operation
19:28 adaro joined #rest
19:30 pdurbin probably better security to not store the credentials if you don't have to. might have upset users if your database is compromised
19:32 ruibrito pdurbin: the 1st version does not have a DB, but probably it will in the future. So far I don't have to store the credentials anywhere, I just don't know if it is secure to be sending the credentials in every request
19:33 ruibrito pdurbin: on account that the requests can be (in some malicious way) intercepted
19:33 pdurbin should be fine if it's over SSL
19:33 pdurbin what kind of authentication does AWS support? OAuth?
19:36 ruibrito pdurbin: I have to admit I am not sure, I know it is possible to have different kind of signature requests, but I am using the JAVA SDK (server side) for interacting with AWS
19:36 pdurbin ah
19:37 pdurbin nice that there's an sdk
19:40 ruibrito pdurbin: you mentioned doing my requests with HTTPS, is there some options I should select is my ajax (client ide) to perform the communication in SSL?
19:41 pdurbin hmm, I think of it more as forcing https on the server side
19:42 ruibrito pdurbin: you mean my Server with AWS?
19:43 pdurbin wherever your web app is hosted from
19:45 ruibrito pdurbin: the SDk handles the communication from my Server to the AWS Server, my concern is the (insecure) communication from my server to the client? I think I should use SSL in account that I send the credentials in the POST, correct?
19:46 pdurbin yep. sounds good. POST over SSL
19:46 ruibrito pdurbin: Ok I have to look how to make the communication over SSL in my ajax request
19:47 ruibrito pdurbin: another thing, is cookies a good solution for keeping the credentials saved in my client?
19:49 pdurbin seems to be the received wisdom here: http://irclog.greptilian.com/rest/2014-06-18#i_69253
19:54 ruibrito pdurbin: then I am glad IRC still lives :D
19:54 pdurbin me too
19:55 ruibrito pdurbin: i read the log, guess I will be the one pulling an all nighter making some major changes to my code and implementing some of those good cookies, to see how they respond
19:55 pdurbin better grab some coffee
19:57 ruibrito pdurbin: I already have all the Java I can take
19:59 ruibrito pdurbin: thanks for the support my friend :)
20:15 liamkeily joined #rest
20:30 pdurbin free advice costs nothing until you act upon it
20:46 _ollie joined #rest
20:51 cigarshark joined #rest
20:51 begriffs joined #rest
21:25 DrCode joined #rest
21:27 adaro joined #rest
21:29 liamkeily joined #rest
21:36 begriffs_ joined #rest

| Channels | #rest index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary

#rest on freenode has been logged here from May 2014 until end of July 2018 but logging has been suspended because the channel has been riddled with spam since August 2018 with no end in site. See the following blog posts about the problem:

Until the spam problem has been dealt with and logging can resume, please visit our wiki at https://trygvis.io/rest-wiki/

Thanks.