On Saturday, 17 March 2012, 15:38:49, Charles Duffy wrote:
So -- I might implement this eventually, as a spare-time thing. The first thing that concerns me -- something strong, like bcrypt, will make the REST interface, with its per-command authentication (lack of sessions) unworkably expensive, so there should be some forethought into how we'd want to handle session management and expiration for the REST API.
One of the main features of a RESTful service is being stateless. The only proper way of secure authentication is using HTTPS - after all, that's the main reason why it was invented ;)
Regards, Dimitar
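
An added example, not part of either message or of the project's code: one way to reconcile the two points above is to pay the slow password hash once at login and hand back an HMAC-signed, expiring token that each later REST call presents, which keeps the server stateless. All names, the 900-second lifetime and the use of PBKDF2 as a stand-in for bcrypt are assumptions made for illustration.

```python
import base64, hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # hypothetical token-signing key, held only by the server
SESSION_TTL = 900             # assumed token lifetime in seconds

def slow_hash(password, salt):
    # PBKDF2 stands in for bcrypt, which is not in the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": slow_hash(password, salt)}

DUMMY = make_user(os.urandom(16).hex())   # keeps unknown-user logins equally slow

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def login(user_db, name, password, now=None):
    """Expensive, once per session: verify the password, return a signed token."""
    rec = user_db.get(name, DUMMY)
    match = hmac.compare_digest(slow_hash(password, rec["salt"]), rec["hash"])
    if not (match and name in user_db):
        return None
    expires = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{name}|{expires}".encode()
    return b64(payload) + "." + b64(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())

def check_token(token, now=None):
    """Cheap, once per request: one HMAC, no password hashing, no server-side state."""
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
        good = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None
        name, expires = payload.decode().rsplit("|", 1)
        if (time.time() if now is None else now) >= int(expires):
            return None          # expired: client must log in again
        return name
    except (ValueError, AttributeError):
        return None
```

The token is a bearer credential, so it is only as safe as the channel it travels over, which is where the HTTPS requirement from the reply applies.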