December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
REST Security
The best thing about REST is its lightweight approach to exposing APIs and resources. Typically, if you want to allow an application to list out the contents of a database table (for example), you can provide a RESTful address that accepts a GET request and then reply with a JSON or XML string.
For example, http://example.com/events/today/ is the address, and hitting it with a GET request will spill out all the events occurring today at a certain locale. The requesting application sends the request and receives a JSON document with the requested information.
The bad thing about this approach is that the stack that REST relies on is pretty much absent any meaningful security support. If you want to create a more secure REST service, ...