Time |
S |
Nick |
Message |
04:06 |
|
|
proteusguy joined #rest |
04:15 |
|
|
fumanchu_ joined #rest |
08:07 |
|
|
adaro joined #rest |
10:02 |
|
|
Left_Turn joined #rest |
11:04 |
|
|
DrCode joined #rest |
13:28 |
|
|
adaro joined #rest |
13:46 |
|
|
proteusguy joined #rest |
14:09 |
|
|
liamkeily joined #rest |
15:54 |
|
|
liamkeily joined #rest |
16:03 |
|
|
_ollie joined #rest |
18:17 |
|
|
_ollie joined #rest |
18:27 |
|
|
_ollie joined #rest |
18:55 |
|
|
liamkeily joined #rest |
19:12 |
|
|
ruibrito joined #rest |
19:26 |
|
ruibrito |
pdurbin: I have this web app, and I have to do some sort of authentication with an AWS account. My question is: should my user insert the credentials once (at login) and I save the credentials in the web app for future operations until the logout, or should my user send the credentials information for every operation? |
19:28 |
|
|
adaro joined #rest |
19:30 |
|
pdurbin |
probably better security to not store the credentials if you don't have to. might have upset users if your database is compromised |
19:32 |
|
ruibrito |
pdurbin: the 1st version does not have a DB, but probably it will in the future. So far I don't have to store the credentials anywhere, I just don't know if it is secure to be sending the credentials in every request |
19:33 |
|
ruibrito |
pdurbin: on account that the requests can be (in some malicious way) intercepted |
19:33 |
|
pdurbin |
should be fine if it's over SSL |
19:33 |
|
pdurbin |
what kind of authentication does AWS support? OAuth? |
19:36 |
|
ruibrito |
pdurbin: I have to admit I am not sure, I know it is possible to have different kinds of signature requests, but I am using the Java SDK (server side) for interacting with AWS |
19:36 |
|
pdurbin |
ah |
19:37 |
|
pdurbin |
nice that there's an sdk |
19:40 |
|
ruibrito |
pdurbin: you mentioned doing my requests with HTTPS, are there some options I should select in my ajax (client side) to perform the communication in SSL? |
19:41 |
|
pdurbin |
hmm, I think of it more as forcing https on the server side |
19:42 |
|
ruibrito |
pdurbin: you mean my Server with AWS? |
19:43 |
|
pdurbin |
wherever your web app is hosted from |
19:45 |
|
ruibrito |
pdurbin: the SDK handles the communication from my server to the AWS server, my concern is the (insecure) communication from my server to the client. I think I should use SSL on account that I send the credentials in the POST, correct? |
19:46 |
|
pdurbin |
yep. sounds good. POST over SSL |
19:46 |
|
ruibrito |
pdurbin: OK, I have to look at how to make the communication over SSL in my ajax request |
19:47 |
|
ruibrito |
pdurbin: another thing, are cookies a good solution for keeping the credentials saved in my client? |
19:49 |
|
pdurbin |
seems to be the received wisdom here: http://irclog.greptilian.com/rest/2014-06-18#i_69253 |
19:54 |
|
ruibrito |
pdurbin: then I am glad IRC still lives :D |
19:54 |
|
pdurbin |
me too |
19:55 |
|
ruibrito |
pdurbin: I read the log, guess I will be the one pulling an all-nighter making some major changes to my code and implementing some of those good cookies, to see how they respond |
19:55 |
|
pdurbin |
better grab some coffee |
19:57 |
|
ruibrito |
pdurbin: I already have all the Java I can take |
19:59 |
|
ruibrito |
pdurbin: thanks for the support my friend :) |
20:15 |
|
|
liamkeily joined #rest |
20:30 |
|
pdurbin |
free advice costs nothing until you act upon it |
20:46 |
|
|
_ollie joined #rest |
20:51 |
|
|
cigarshark joined #rest |
20:51 |
|
|
begriffs joined #rest |
21:25 |
|
|
DrCode joined #rest |
21:27 |
|
|
adaro joined #rest |
21:29 |
|
|
liamkeily joined #rest |
21:36 |
|
|
begriffs_ joined #rest |