c# - Securely Sending Sensitive Information to RESTful Service -

-

so i've searched , tried piece various information i've found, , apologize if information does exist somewhere else. not being security professional want make sure correctly not introduce crazy security flaw.

i'm developing restful service in c# hosted on azure allow users login username , password , subsequent calls service associated user. first client of service going web app communicates via javascript service (not sure if makes different).

so here's i've sort of come workflow:

  • user lands on site
  • user enters username , password
  • information sent service
    • this have least amount of detail
  • service authenticates user credentials
  • service returns token used subsequent service calls

i've read ssl , know azure supports ssl certificates, i'm not 100% sure it's i'm looking for. having ssl cert , using https, make okay send plain-text user information service? doesn't sound right. if not, else need able securely send (and potentially other) sensitive information service?

thanks in advance help.

if application talking service hosted on azure javascript, want take @ adal.js. vittorio bertocci describes how secure such application in this article.

when using ssl/tls, transportation channel encrypted, intercepting packets cannot read clear text. still need protect application other attacks lead information disclosure (things sql injection etc). @ owasp top 10 cheat sheet more info.


Comments

Post a Comment

Popular posts from this blog

Fail to load namespace Spring Security http://www.springframework.org/security/tags -

-
i have problem namespace of spring security on xhtml page. don't understand why can't load uri, , have following issue: whitelabel error page application has no explicit mapping /error, seeing fallback. tue jul 21 16:58:12 utc 2015 there unexpected error (type=not found, status=404). please need help! possible uri has been changed? best regards you using incorrect namespace url. correct url http://www.springframework.org/schema/security the error page seeing spring source website since not recognize url. try visiting http://www.springsource.org/security/tags in browser update : spring security tags used in jsp page correct tag lib declaration is: <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
Read more

sql - MySQL query optimization using coalesce -

-
can explain me why second query faster first? (first 1 takes around 40 seconds, second 1 less 0.1) select releases.feature_code, releases.platform_id, version, release_date, general_available, uri, filesize, display_name, feature_name.full_name, if ((select exists(select 1 release_exceptions releases.feature_code = release_exceptions.feature_code , releases.platform_id = release_exceptions.platform_id , releases.version = release_exceptions.version) = 1), 1, 0) release_exceptions releases left outer join platform using(platform_id) left outer join feature_name using(feature_code) order version desc; ~~~ query 2 ------------------ ~~~ select feature_code, version, release_date, general_available, platform_id, uri, filesize, display_name, feature_name.full_name, coalesce(release_exceptions, 0) release_exceptions mus.releases left outer join ( select distinct feature_code, version, platform_id, 1 release_exceptions mus.release_exceptions ) release_exceptions using ...
Read more

unity3d - Unity local avoidance in user created world -

-
i'm using unity3d networked multiplayer online game have large complex 3d terrain scene forest, trees, cliff, hills, mountains, bounders, etc. players can build structures sort of minecraft, , put them anywhere in scene, or move them around anytime. aside human controlled players, there automated ai players , objects animals roaming around scene following path. the problem how make these automated ai players , animals, able navigate around static , dynamic player created structures, because path follow can blocked player created structures, or other players , other ai objects, cliffs etc. have find away around them or on track if tumble down off high cliff example. so made navmesh , used navagents, takes care of static, non moving objects, how make ai players navigate around each other , dynamic structures created players can number in hundreds? i thought of adding navmeshobstacle everything, result in being attached hundreds of objects since user created structures b...
Read more