How to secure RESTful API in a proper way with a dynamic token Rails -


what trying achieve:

i'm looking create (rest) api rails application. have looked securing api, versioning of api , api gems railscast implementation of api calls.

what solution railscasts:

i find myself stuck security of api. in securing api railscast have specified keep token each app i.e. instance let consider-

android app --> "android_token"

iphone app --> "iphone_token".

whats problem:

but concern if gets access token using network tethering or something. person can make indefinite calls app.

what possible solutions:

to cease should have dynamic session kind of thing app requests. pops in head:

1.why not generate different dynamic token each request , request should coupled same dynamic token response or maintain session using dynamic token , new token regenerated after lets 30 minutes or 50 calls.

just there gems devise perform user authentication in robust way. there gem or plugin can maintain api session secure threats.

firstly not more aware network tethering, have read , understand it. not expert in security of application want suggest solutions may helpful you.

managing application security token best way in view. there no way have found dynamic session, have found 1 solution may prevent user make request multiple device common access token. may store information of particular user in session remote ip, user-agent...i think answer @ : rails saving ip address every create/update request. , ruby on rails api security

hope above useful , create value in development.


Comments

Post a Comment

Popular posts from this blog

monitor web browser programmatically in Android? -

i've got tricky question here. need users make payment bank (namely barclaycard) in uk. so, have https url , add parameters (such amount pay, order reference, etc) url, start http connection intent.actionview, redirect user browser can enter credit card details on bank's webpage , make payment our account successfully. far ? the code use below (i changed values privacy reasons) problem is, need app when user has completed/failed/cancelled payment. barclaycardautomatically redirects particular url when payment has succeeded, 1 if failed. there no way of knowing when barclaycard payment has succeeded go android app somehow ? button cardbutton = (button) findviewbyid(r.id.card_button); cardbutton.setonclicklistener(new view.onclicklistener() { @override public void onclick(view arg0) { string prehashstring = new string(); string prohashstring = new string(); string shapassphrase = new string(); shapassphrase = "gsvth£h70zkh...
Read more

Shrink a YouTube video to responsive width -

i have youtube video embedded on our website , when shrink screen tablet or phone sizes stops shrinking @ around 560px in width. standard youtube videos or there can add code make go smaller? you can make youtube videos responsive css. wrap iframe in div class of "videowrapper" , apply following styles: .videowrapper { float: none; clear: both; width: 100%; position: relative; padding-bottom: 56.25%; padding-top: 25px; height: 0; } .videowrapper iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } the .videowrapper div should inside responsive element. padding on .videowrapper necessary keep video collapsing. may have tweak numbers depending upon layout.
Read more

wpf - PdfWriter.GetInstance throws System.NullReferenceException -

i'm trying create pdf document using itextsharp 5.3.4 using following document document = new document(); filestream stm = new filestream(filename, filemode.create); pdfwriter writer = pdfwriter.getinstance(document, stm); i'm getting system.nullreferenceexception following stack trace: system.nullreferenceexception occurred hresult=-2147467261 message=la référence d'objet n'est pas définie à une instance d'un objet. source=itextsharp stacktrace: à itextsharp.text.version.getinstance() innerexception: i've verified neither document nor stm null, , if select "continue" in vs12 document created - exception thrown. updated itextsharp 5.4.0 , it's still occurring. can't find information on anywhere - got ideas? make sure not catching exceptions. nullreferenceexception can 1 caught , handled inside itextsharp, don't care it. fact can continue supports theory. change following setting verify: debug -> exceptions ...
Read more