Authentication mechanism for REST request



Oct 12, 2013, 3:53:01 AM
Hi All: 

I have an Erlang app and recently added REST support using Mochiweb. I couldn't find any way to do authentication, so I'm just curious to know what methods and standard practices are being used. One way could be to get the password in text format, extract it using proplists, and convert it to md5 hex for further comparison, or get it md5-converted for better security.
Please share your views; it would be great to see any working snippet.


Bob Ippolito

Oct 20, 2013, 5:41:33 PM
mochiweb is a relatively low-level library for building web servers, it's not a web framework that would prescribe any particular methods for doing tasks such as authentication. That said, mochiweb_session would be useful for authenticating users after you have logged them in. The methodology that you would use to log a user in is application dependent and depends a lot on the capabilities of the clients you are connecting with and whether the transport is http or https.


Dave Cottlehuber

Oct 21, 2013, 5:09:09 AM
to BSingh,
Hi bsingh

MD5 is certainly not what you want to do here. Read up on scrypt, bcrypt, and pbkdf2, the top google links should do fine. There are erlang versions of all of these, usually as NIFs.

TL;DR md5 is not secure enough, and you need to use a salted repeated hash function to make attacking passwords more complex.

For a complete but very complex example, you might want to take a look at couchdb where we use both mochiweb and also pbkdf2 for storing and hashing user passwords is where the hashing magic happens.
Dave Cottlehuber
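
The salted, iterated hashing recommended in the reply above, as an added example that is not part of the thread and is not CouchDB's code. It assumes OTP 25 or later (for `crypto:pbkdf2_hmac/5` and `crypto:hash_equals/2`); the module name `pw_auth`, its function names, the form field names and the `Lookup` fun are hypothetical, and `Params` is assumed to be a proplist of strings such as mochiweb returns for a parsed POST body.

```erlang
%% Added example: PBKDF2 password storage and verification (hypothetical module).
-module(pw_auth).
-export([hash_password/1, verify_password/2, check_login/2]).

-define(ITERATIONS, 600000). % assumed work factor; tune for your hardware
-define(SALT_LEN, 16).       % bytes of random salt per password
-define(KEY_LEN, 32).        % bytes of derived key to store

%% Build the record to store for a user. Never store the plaintext or a bare MD5.
hash_password(Password) when is_binary(Password) ->
    Salt = crypto:strong_rand_bytes(?SALT_LEN),
    Hash = crypto:pbkdf2_hmac(sha256, Password, Salt, ?ITERATIONS, ?KEY_LEN),
    {pbkdf2_sha256, ?ITERATIONS, Salt, Hash}.

%% Re-derive with the stored salt and iteration count, then compare in
%% constant time so the comparison does not leak how many bytes matched.
verify_password(Password, {pbkdf2_sha256, Iter, Salt, Hash})
  when is_binary(Password) ->
    Candidate = crypto:pbkdf2_hmac(sha256, Password, Salt, Iter, byte_size(Hash)),
    crypto:hash_equals(Candidate, Hash);
verify_password(_, _) ->
    false.

%% Params: proplist of strings, e.g. [{"username","bob"},{"password","s3cret"}].
%% Lookup: fun(User) -> {ok, StoredRecord} | not_found (hypothetical user store).
check_login(Params, Lookup) ->
    User = proplists:get_value("username", Params),
    Pass = proplists:get_value("password", Params),
    case is_list(User) andalso is_list(Pass) of
        true ->
            PassBin = list_to_binary(Pass),
            case Lookup(User) of
                {ok, Stored} ->
                    verify_password(PassBin, Stored);
                not_found ->
                    %% Spend the same work for unknown users so response
                    %% time does not reveal which accounts exist.
                    Dummy = {pbkdf2_sha256, ?ITERATIONS, <<0:128>>, <<0:256>>},
                    _ = verify_password(PassBin, Dummy),
                    false
            end;
        false ->
            false
    end.
```

On a successful `check_login/2` the application would then issue a session (for example with `mochiweb_session`, as mentioned earlier in the thread) rather than re-sending the password on every request.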