Saturday, March 11, 2017

RESTful Web Services - Security

As RESTful Web Services work with HTTP URL Paths, it is very important to safeguard a RESTful Web Service in the same manner as a website is secured.
Following are the best practices to be adhered to while designing a RESTful Web Service −

  • Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
  • Session Based Authentication − Use session based authentication to authenticate a user whenever a request is made to a Web Service method.
  • No Sensitive Data in the URL − Never put a username, password or session token in a URL; these values should be passed to the Web Service via the POST method.
  • Restriction on Method Execution − Restrict the use of methods such as GET, POST and DELETE. The GET method should not be able to delete data.
  • Validate Malformed XML/JSON − Check for well-formed input passed to a web service method.
  • Throw generic Error Messages − A web service method should use HTTP error messages like 403 to show access forbidden, etc.

HTTP Code

| Sr.No. | HTTP Code | Description |
|--------|-----------|-------------|
| 1 | 200 | OK − shows success. |
| 2 | 201 | CREATED − when a resource is successfully created using a POST or PUT request. Returns a link to the newly created resource using the Location header. |
| 3 | 204 | NO CONTENT − when the response body is empty. For example, a DELETE request. |
| 4 | 304 | NOT MODIFIED − used to reduce network bandwidth usage in case of conditional GET requests. The response body should be empty. Headers should have date, location, etc. |
| 5 | 400 | BAD REQUEST − states that an invalid input is provided. For example, validation error, missing data. |
| 6 | 401 | UNAUTHORIZED − states that the user is using an invalid or wrong authentication token. |
| 7 | 403 | FORBIDDEN − states that the user does not have access to the method being used. For example, delete access without admin rights. |
| 8 | 404 | NOT FOUND − states that the method is not available. |
| 9 | 409 | CONFLICT − states a conflict situation while executing the method. For example, adding a duplicate entry. |
| 10 | 500 | INTERNAL SERVER ERROR − states that the server has thrown some exception while executing the method. |
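
The practices and status codes above, combined in one request handler as an added example (not code from the original article). The `/users` resource, the `X-Session-Token` header, the token values and the in-memory store are assumptions made for illustration; the handler also returns 405 for methods outside its allowlist, a code the table does not list.

```python
import json
import re

# Constructed sample data; the header name and token values are assumptions.
SESSIONS = {"tok-admin": "admin", "tok-user": "user"}
USERS = {1: "alice"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{2,31}")
# Role allowlist per HTTP method; anything not listed is refused.
ALLOWED = {"GET": {"user", "admin"}, "POST": {"user", "admin"}, "DELETE": {"admin"}}

def handle(method, path, headers, body=b""):
    """Return (status, payload) for the hypothetical /users resource."""
    try:
        role = SESSIONS.get(headers.get("X-Session-Token", ""))
        if role is None:
            return 401, {"error": "unauthorized"}
        if method not in ALLOWED:
            return 405, {"error": "method not allowed"}
        if role not in ALLOWED[method]:
            return 403, {"error": "forbidden"}
        m = re.fullmatch(r"/users(?:/(\d{1,9}))?", path)
        if m is None:
            return 404, {"error": "not found"}
        user_id = int(m.group(1)) if m.group(1) else None
        if method == "POST" and user_id is None:
            return create_user(body)
        if user_id not in USERS:
            return 404, {"error": "not found"}
        if method == "GET":                   # GET only reads, never deletes
            return 200, {"id": user_id, "name": USERS[user_id]}
        if method == "DELETE":
            del USERS[user_id]
            return 204, None
        return 405, {"error": "method not allowed"}
    except Exception:
        # Generic message: no stack trace or query text reaches the client.
        return 500, {"error": "internal server error"}

def create_user(body):
    try:
        doc = json.loads(body)                # malformed JSON is rejected here
    except ValueError:
        return 400, {"error": "bad request"}
    # Allowlist validation: only a short identifier-like name is accepted.
    name = doc.get("name") if isinstance(doc, dict) else None
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        return 400, {"error": "bad request"}
    new_id = max(USERS, default=0) + 1
    USERS[new_id] = name
    return 201, {"location": f"/users/{new_id}"}
```
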
