Hypertext Transfer Protocol Secure (HTTPS) is HTTP carried over SSL/TLS, used to secure communication over a network.
Questions tagged [https]
32 questions
127 votes, 4 answers
REST API security Stored token vs JWT vs OAuth
I am still trying to find the best security solution for protecting REST API, because the number of mobile applications and APIs is increasing every day.
I have tried different ways of authentication, but still have some misunderstandings, so I need…
Asked by CROSP (1,548 reputation)
26 votes, 5 answers
OAuth2 ROPC vs Basic Auth for public REST APIs?
The specific use case I'm interested in here is authenticating REST clients against publicly-available server endpoints (such as a public REST API).
The simplest solution here is Basic Auth. But I often hear OAuth2 touted as a superior auth solution…
Asked by smeeb (4,820 reputation)
11 votes, 7 answers
Will Authentication over HTTPS Slow My Application?
I am building a web application and RESTful web service.
I have been reading various articles about the best way to authenticate the requests to the web service.
The best option for me seems to be to use HTTP basic authentication. Pretty much every…
Asked by GWed (3,085 reputation)
10 votes, 2 answers
Is HTTPS enough to avoid replay attacks?
I am exposing a few REST methods on a server for a mobile app.
I would like to avoid that users can sniff how HTTP methods are built (from the mobile app) and then send them again to the server. Example:
The mobile app sends a request
The user…
Asked by MartinMoizard (203 reputation)
5 votes, 1 answer
How to configure HTTPS for deployments without a host name
I currently am in charge of networked Linux-based hardware that exposes HTTP connections. I want to be able to connect to these through HTTPS, but the hardware deployment has 1000s of installations. I've read about problems with self-signed…
Asked by Bradford Medeiros (201 reputation)
4 votes, 1 answer
Is HTTP 426 acceptable for "Your request should have been HTTPS"
I have an HTTP serving an API which works either anonymously or with a secret key in a header, like so:
GET /profile?authenticationKey
Authorization: 1234567890
I want to reject any request coming in over HTTP that uses an Authorization header,…
Asked by user2719333 (49 reputation)
4 votes, 2 answers
Do logged in users need to browse a site over https?
I've never thought it was necessary, but a client has requested that all webpages served to logged in users be delivered over HTTPS.
Aside from the implementation standpoint, which I don't think I'm going to pursue, is there any real reason for this…
Asked by Luke (189 reputation)
3 votes, 2 answers
How can I protect the user password?
I am creating a MEAN stack application.
I have noticed by chance that whenever I send the credentials of the user to the backend, I can "fish" it from the network option on the browser (F12). See image?
What is the fastest and simplest way to…
Asked by Jorge Guerra Pires (157 reputation)
3 votes, 1 answer
Two-way Communication between Server and Clients
Situation: We have a web application running on a server. This application needs to fetch data from some other PCs (clients), which are on a different network.
On the clients' PCs there are WCF services hosted in Windows Services using their local SQL db. I…
Asked by Tariq_ASp.net (39 reputation)
3 votes, 3 answers
Is a predefined key enough security when performing HTTP requests between two secure servers?
I have an AdWords script that regularly transfers sensitive data to my server using a POST HTTP request. For security I have a predefined 32 character randomized string that is verified by my server before it accepts the data. Is this secure?
I…
Asked by Hubro (676 reputation)
3 votes, 2 answers
Committing https certificates to GitHub... is there ever a good reason for this?
If a server certificate is published to GitHub, a la:
-----BEGIN CERTIFICATE-----
is that necessarily a bad thing? Is there ever a legitimate reason to do this?
I ask because of a recent wave of attention GitHub has gotten since allowing users to…
Asked by yurisich (1,391 reputation)
2 votes, 1 answer
How should I handle docker containers and SSL certificates
Background
We have a number of backend APIs that do work; some connect to equipment, some store data, etc. The original setup was each service was a native C# ASP.NET 6 minimal API running on a Windows Server 2022. I was able to convince the right…
Asked by Felix Castor (189 reputation)
2 votes, 1 answer
Securing an HTTPS endpoint for non-browser Post requests
I have a set of machines that I'm going to set up to push data to my web server over HTTPS at regular intervals. These units will automatically send requests using a script, so I plan on giving them configuration files with a username and long…
Asked by Copernicus (105 reputation)
2 votes, 1 answer
Does HTTPS prevent a man in the middle from sending the same message several times?
If a User is exchanging messages with a Server over HTTPS, could a man in the middle intercept messages and send them several times?
For instance, George orders a laptop on an HTTPS e-commerce site; could Dimitri, a man in the middle, intercept the message…
Asked by Serge (861 reputation)
2 votes, 1 answer
Random number for HTTPS MAC
Recently I found that Netscape used a quite simple algorithm to generate the random number for the Message Authentication Code to establish an HTTPS connection (Netscape used time, process identification number, and parent-process identification number). So…
Asked by Nutel (1,491 reputation)