What is the proper way of passing a password to a web service via a RESTful API (when a user is registering or just logging in)? How should I store it?
From what I was taught, I should only store hashes, for example MD5. But from what I can read on the Internet, it appears to be rather easy to just look up a hash in a "hash rainbow table", so storing a hash would be equal to storing clear text. How do I do it properly?
The way to pass username and password to a REST service is to use the basic authentication scheme over HTTPS. HTTPS should protect your password from being stolen in transit.
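An added example, not part of the original answer: a server-side check for the Basic scheme described above that also covers the storage question by keeping only a per-user random salt and a PBKDF2-HMAC-SHA256 digest, so a lookup table precomputed for unsalted hashes does not apply. The function names, the iteration count and the sample user are assumptions, and the request is assumed to arrive over HTTPS.

```python
import base64
import binascii
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest) using a per-user random salt and a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def parse_basic_auth(header):
    """Parse 'Basic <base64(user:pass)>'; return (user, password) or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    return (user, password) if sep else None


def authenticate(header, user_db):
    """Check an Authorization header against stored (salt, digest) records."""
    creds = parse_basic_auth(header)
    if creds is None:
        return False
    user, password = creds
    record = user_db.get(user)
    # Hash even for unknown users so response time does not reveal valid names.
    salt, stored = record if record else (b"\x00" * 16, b"\x00" * 32)
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored) and record is not None


# Constructed sample data: one registered user and the header a client would send.
USER_DB = {"alice": hash_password("correct horse battery staple")}
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:correct horse battery staple").decode()

if __name__ == "__main__":
    print(authenticate(SAMPLE_HEADER, USER_DB))
```

The database stores only the salt and digest; the clear-text password exists on the server just long enough to be hashed for comparison.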
As I explain in my answer here, it's not a good idea to use basic authentication for your services. You would be better off using a Security Token Service (STS) and using bearer authentication.