Ask the Expert

REST and Web services security

What impact would the REST architectural style have on Web services security?

    Requires Free Membership to View

I'll assume that you're asking what the implications of choosing REST are to the security of the system being built.

In general, systems developed to the REST style would be more secure than your typical SOA system, because REST incorporates constraints which enhance the security of the system. Specifically, the stateless constraint (and its parent, the self-descriptive constraint) provides the bulk of the benefit, by ensuring that a message has a single meaning that does not depend on any information not in the message. As soon as this constraint is relaxed, a whole series of security problems arise, as we've seen in browsers using cookies (e.g. cross-site scripting).

Security is a broad area, of course, and REST doesn't offer an answer to much of it. But it does provide a very solid base - and IMO, a much more solid base than SOA - for building secure large scale distributed systems.

This was first published in November 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: