On Dec 30, 11:32 am, bcar...@gmail.com wrote:
> (related to CF). Thanks for the response and I am in agreement in
> that basic over https is a simple and effective solution to REST
> security.

HTTPS is good except for the overhead (which may or may not be a big
deal any more these days). I started to write that I couldn't believe
that JRun didn't support digest auth under the sheets but in looking
at the docs, it does say at least JRun 3.0 does not support it.
Weak!

I personally am using simple tokens right now. I've set up a radius-like
'secret' that both sides could use to hash some of the parameters
to prevent tampering but I'm trying to keep things simple to start.

You might also explore having your web server perform the
authentication... via mod_radius, mod_ldap, mod_auth_postgres,
mod_auth_mysql, mod_auth_*, you could have a farm of Apache servers
performing the digest authentication without bringing ColdFusion into
the mix. I recognize you might want to use that information to handle
authorization but it's an idea.

Brian
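
Added example, not part of Brian's post or his code: one way to do the shared-secret hashing of selected parameters described above, using HMAC-SHA256 in place of a RADIUS-style plain hash of secret plus data. The secret, field names, timestamp field and freshness window are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed shared secret; assumed to be provisioned out of band to both sides.
SHARED_SECRET = b"example-shared-secret"
# Assumption: only these parameters are covered by the tag ("some of the parameters").
SIGNED_FIELDS = ("account", "action", "amount", "ts")
MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


def canonical(params):
    """Serialize the signed fields unambiguously: fixed order, length-prefixed."""
    parts = []
    for name in SIGNED_FIELDS:
        value = str(params[name]).encode("utf-8")
        parts.append(b"%s=%d:%s" % (name.encode("ascii"), len(value), value))
    return b"&".join(parts)


def sign(params, secret=SHARED_SECRET):
    """Client side: return a copy of params with a hex HMAC tag in 'sig'."""
    tag = hmac.new(secret, canonical(params), hashlib.sha256).hexdigest()
    return dict(params, sig=tag)


def verify(params, now, secret=SHARED_SECRET):
    """Server side: True only if the tag matches and the timestamp is fresh."""
    try:
        expected = hmac.new(secret, canonical(params), hashlib.sha256).hexdigest()
        fresh = abs(now - int(params["ts"])) <= MAX_SKEW
    except (KeyError, TypeError, ValueError):
        return False  # a signed field is missing or the timestamp is not numeric
    supplied = str(params.get("sig", "")).encode("utf-8")
    # Constant-time comparison so the check does not leak how much of the tag matched.
    return hmac.compare_digest(expected.encode("ascii"), supplied) and fresh


if __name__ == "__main__":
    # Constructed request; 'note' is deliberately left out of SIGNED_FIELDS.
    req = sign({"account": "1001", "action": "transfer", "amount": "25",
                "ts": 1700000000, "note": "lunch"})
    print("untouched:", verify(req, now=1700000060))
    print("amount changed:", verify(dict(req, amount="2500"), now=1700000060))
    print("unsigned note changed:", verify(dict(req, note="x"), now=1700000060))
```

A parameter left out of `SIGNED_FIELDS` can be altered in transit without the check noticing, so anything the server acts on belongs in the signed set.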