tags:

views:

334

answers:

2
Q: 

REST Web Service - Website authentication

I have been working on a service that allows registered users to store data and retrieve it using an JavaScript XML Request. Basically, my service has one part that receives that product details and one part that returns them as XML on request.

What I am trying to do is prevent people from accessing other users product details. So if one user was to post product details to my service under the username "randomUser65" from website "www.example.com", then another person that tries to access the same product details user "randomuser95" and website www.tryingtostealproductdetails.com" can't get accesss.

Is there any way that JavaScript can be used to achieve this by some means of website authentication that cannot be replicated by someone trying to steal that another users data?

Thank You for your help.

Best Regards, The_Lorax

A: 

A very simple way of doing this is to provide every user with an authentication key they would provide in every request they make to your service. This key would have to be long and random enough so that it cannot be guessed easily.

Altherac  2009-08-07 08:24:58
Hi Altherac, an API key would work with server side code but what about when a user wants to access the service using javascript. My service is made to be easily consumed by any langauge and offers JSON. Is there anything that can be done to authenticate requests using javascript?Thanks, The_Lorax
The_Lorax  2009-08-08 10:02:35
A: 

Think about Yahoo auth or Google auth : they have, like Altherac said, an API Key for each user.

http://developer.yahoo.com/faq/#appid

http://code.google.com/intl/fr-FR/apis/maps/signup.html

mere-teresa  2009-08-07 09:34:45

related questions

RSS feeds from Gallery2
User authentication on Resin webserver
Recommendation for straight-forward python frameworks
Why no favicon for my web site?
Preferred way to use favicons?
IE6: To support or not to support.
FF3 WinXP != FF3 Ubuntu - why?
Source control for web projects.
Drag and drop ftp file upload web widgets
Accessing post variables using Java Servlets
Anyone have experience creating a shared library in MATLAB?
The Difference Between a DataGrid and a GridView in ASP.NET?
Options for Google Maps over SSL
Is there an Unobtrusive Captcha for web forms?
How can I detect if a browser is blocking an popup?
How to curl or wget a web page?
What Hosting Service is best for Django applications?
What are some web-based knowledge-base solutions?
What is a good web-based Grid that accepts Excel clipboard data?
What's the best online payment processing solution?
What are effective options for embedding video in an ASP.NET web site?
How can I tell if a web client is blocking ads?
How do I make a checkbox toggle from clicking on the text label as well?
Can you recommend a good CSS online resource or book?
Class views in Django