开发者

I'm having problems creating a web service that takes a username and password and checks against a database

I am developing a web service that authenticates a user trying to access a web application. I'm new to web services and have seen a lot of different APIs and have started using JAX WS. Im not sure if this is an alternative to JAXB or if it should be used with it.

Currently I have a test page that a user can enter their username and password and this is the n sent to the web service as strings (which obviously cant happen for security reasons) where I can check against a database. My problem is finding a way to send the password securely..

The reason I am not putting the authentication within the application is because there will be several applications all using the same database to authenticate users so a web service would be beneficial.

Also, I had hoped I would be able to pass the web service an xml file instead of string but it seems this is 开发者_运维问答not possible?

Thanks


Use SSL. Passing an encrypted password is not any more secure (and arguably less secure) since anyone intercepting the transmission can send call your webservice again with the encrypted password and your web service is none the wiser.

Of course, in your web service you should be salting and hashing the password before storing it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜