<p>I tend to believe that authentication details belong in the header, not the URI. If you rely on a token being placed in the URI, then every URI in your application will need to be encoded to include the token. It would also negatively impact caching: resources with a token that is constantly changing will no longer be able to be cached. Resource-related information belongs in the URI, not application-related data such as credentials.</p>
<p>It seems you must be targeting web browsers as a client? If so, you could investigate using <a href="http://en.wikipedia.org/wiki/Digest_access_authentication" rel="noreferrer" title="HTTP Digest access authentication">HTTP Digest access authentication</a> or issuing clients their own SSL certificates to uniquely identify and authenticate them. Also, I don't think that session cookies are necessarily a bad thing, especially when having to deal with a browser. As long as you isolate the cookie handling code and make the rest of the application not rely on it, you would be fine. The key is to only store the user's identity in the session, nothing else. Do not abuse server-side session state.</p>
<p>If you are targeting clients other than the browser, then there are a number of approaches you can take. I've had luck with using Amazon's <a href="http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?RESTAuthentication.html" rel="noreferrer" title="Amazon S3 Authentication">S3 Authentication</a> mechanism.</p>
<p>This is all very subjective, of course. Purity and following REST to the letter can sometimes be impractical. As long as you minimize and isolate such behavior, the core of your application can still be RESTful. I highly recommend <a href="http://oreilly.com/catalog/9780596529260/" rel="noreferrer" title="RESTful Web Services">RESTful Web Services</a> as a great source of REST information and approaches.</p>
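The header-based, S3-style signed request the answer above recommends, as an added example that is not part of the original answer or of Amazon's own scheme: a simplified HMAC signature over method, path and timestamp is sent in an <code>Authorization</code> header and verified server-side with a skew check and constant-time comparison. The access key id, the shared secret and the <code>X-Date</code> header name are constructed placeholders.

```python
import hashlib
import hmac

# Constructed sample credentials: the server looks the secret up by access
# key id; the secret itself never travels in the request or the URI.
CREDENTIALS = {"AKIAEXAMPLE": b"constructed-shared-secret"}
MAX_CLOCK_SKEW = 300  # seconds; older signed requests are rejected as stale


def string_to_sign(method: str, path: str, timestamp: str) -> bytes:
    # Binding method, resource and time means a captured header is not
    # usable for a different resource or verb, nor long after it was issued.
    return f"{method}\n{path}\n{timestamp}".encode()


def sign_request(access_key: str, secret: bytes, method: str, path: str,
                 timestamp: str) -> dict:
    digest = hmac.new(secret, string_to_sign(method, path, timestamp),
                      hashlib.sha256).hexdigest()
    # Credentials live in headers; the URI stays a plain, cacheable resource name.
    return {"X-Date": timestamp, "Authorization": f"HMAC {access_key}:{digest}"}


def verify_request(method: str, path: str, headers: dict, now: float) -> bool:
    try:
        scheme, rest = headers["Authorization"].split(" ", 1)
        access_key, presented = rest.split(":", 1)
        timestamp = headers["X-Date"]
        issued_at = int(timestamp)
    except (KeyError, ValueError):
        return False  # malformed or missing credentials
    if scheme != "HMAC" or access_key not in CREDENTIALS:
        return False
    if abs(now - issued_at) > MAX_CLOCK_SKEW:
        return False  # outside the replay window
    expected = hmac.new(CREDENTIALS[access_key],
                        string_to_sign(method, path, timestamp),
                        hashlib.sha256).hexdigest()
    # Constant-time compare so timing does not leak the expected signature.
    return hmac.compare_digest(expected, presented)
```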