Q

REST and Web services security

What impact would the REST architectural style have on Web services security?
I'll assume that you're asking what the implications of choosing REST are to the security of the system being built.

In general, systems developed to the REST style would be more secure than your typical SOA system, because REST incorporates constraints which enhance the security of the system. Specifically, the stateless constraint (and its parent, the self-descriptive constraint) provides the bulk of the benefit, by ensuring that a message has a single meaning that does not depend on any information not in the message. As soon as this constraint is relaxed, a whole series of security problems arise, as we've seen in browsers using cookies (e.g. cross-site scripting).

Security is a broad area, of course, and REST doesn't offer an answer to much of it. But it does provide a very solid base - and IMO, a much more solid base than SOA - for building secure large scale distributed systems.
This was last published in November 2003

Dig Deeper on Representational State Transfer (REST)

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide

SearchWinDevelopment

Close