问题描述
我是新来的宁静的API的概念。
I am new to the concept of Restful API's.
我设计一个宁静的API一个在线商店。
I am designing a restful api for an online store.
我还没有正确理解基本的HTTP认证的概念,通过SSL。
I have not properly understood the concept of basic http authentication over ssl.
这是否意味着,对于每一个请求,用户将不得不再次进入他/她的用户名和密码?
Does that mean, for every request, the user will have to enter his/her username and password again?
有人可以请详细解释它的功能如何?如何意味着要使用吗?
Can somebody please explain in detail how it functions and how is it meant to be used?
先谢谢了。
推荐答案
基本认证方式就是以用户为标准的HTTP报头,并通过连接用base64 codeD:
Basic authentification is just a standard HTTP header with the user and pass encoded in base64 :
授权:基本QWxhZGRpbjpvcGVuIHNlc2FtZQ ==
(http://en.wikipedia.org/wiki/Basic_access_authentication) 。如果你用这个头通过非SSL连接如验证您的休息API调用,问题是,在中间任何人可以去code从权威性的头你的用户名和密码。
(http://en.wikipedia.org/wiki/Basic_access_authentication) .If you authenticate your rest API calls by this header over a non ssl conection, the problem is that any man in the middle can decode your username and password from your auth header.
要确保您的密码安全地发送,而不是必须使用HTTPS正常的HTTP连接。 HTTP和HTTPS之间唯一的区别是,HTTPS是使用SSL / TSL安全协议通过TCP / IP而不是简单的TCP / IP。
To make sure that your password is sent securely , instead of a normal HTTP connection you must use HTTPS . The only difference between HTTP and HTTPS is that HTTPS is using the SSL/TSL security protocol over TCP/IP instead of plain TCP/IP.
现在这具有的缺点是,建立一个HTTPS连接是在CPU上比正常HTTP连接更加昂贵。
这是很清楚的,如果你想验证与此头每个请求的REST调用,你应该让你的REST API仅适用于HTTPS连接。
Now this has the drawback that establishing a HTTPS connection is more expensive on the cpu than normal HTTP connection.It is very clear that If you want to authenticate your rest calls on every request with this header you should make your rest API only available to HTTPS connections.
这篇关于HTTP基本身份验证的REST API SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!