Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

REST and Web services security

What impact would the REST architectural style have on Web services security?
I'll assume that you're asking what the implications of choosing REST are to the security of the system being built.

In general, systems developed to the REST style would be more secure than your typical SOA system, because REST incorporates constraints which enhance the security of the system. Specifically, the stateless constraint (and its parent, the self-descriptive constraint) provides the bulk of the benefit, by ensuring that a message has a single meaning that does not depend on any information not in the message. As soon as this constraint is relaxed, a whole series of security problems arise, as we've seen in browsers using cookies (e.g. cross-site scripting).

Security is a broad area, of course, and REST doesn't offer an answer to much of it. But it does provide a very solid base - and IMO, a much more solid base than SOA - for building secure large scale distributed systems.

Dig Deeper on Topics Archive

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.