web服务认证 [英] Webservice Authentication

问题描述

我工作的web服务+ AJAX接口，我担心的认证。这一刻，我通过用户名和密码的WebService作为参数，但我担心，这种做法是非常不安全的。有人告诉我，SSL可以解决我的问题，但我希望有更多的选择。

I'm working on a webservice + AJAX interface, and I'm worried about authentication. This moment I'm passing username and password to the webservice as arguments, but I fear that this approach is highly insecure. I was told that ssl could solve my problem, but I want more alternatives.

我的web服务是用PHP和我的界面是PHP + AJAX。 WebService的接收参数从POST或GET和retreives XML（在以后也许我会用JSON）

My webservice is written in php and my interface is in php + AJAX. The webservice receives arguments from POST or GET and retreives xml (in a future maybe I'll use JSON)

推荐答案

AJAX请求并没有什么不同，以正常的要求。

AJAX request are no different to normal request.

既然你有一个AJAX接口，我想你可以有一个页面，用户登录项。当他们登录，在商店，在浏览器中的cookie。此cookie可以被发送回与每个AJAX请求。

Since you have an AJAX interface I guess you can have a page where users log-in. When they log-in store a cookie at the browser. This cookie can then be sent back with every AJAX request.

您的PHP脚本可以使用的cookie正是认证的Ajax请求，因为它会与正常的请求。

Your PHP script can "authenticate" the AJAX request using the cookie exactly as it would with normal requests.

这篇关于web服务认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！