BeautifulRestApi

Add security

Open nbarbettini opened this issue 7 years ago • 2 comments

Right now the API is unauthenticated. An example of how to do API security for a RESTful API would be sweet!

nbarbettini, Dec 15 '16 19:12

Also, on the security stuff - you shouldn't send everything to the user... only what is needed. I mean - a good idea would be to make 2 models for Input (Requests) and Output (Responses) to prevent data leakage. :D I'm trying to master it right now. :)

TheAifam5, May 19 '18 12:05

@TheAifam5 I agree, having separate classes to model what's stored in the DB, what's returned to the user, and what's accepted in a POST reduces the chances that you'll accidentally leak something. This project already uses that pattern. 🙂

nbarbettini, May 19 '18 23:05
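
The separate-models pattern discussed in the comments above, as an added example that is not part of the original thread or the BeautifulRestApi code base. The type names, the `IsAdmin` and `PasswordHash` fields, and the JSON body are hypothetical; it uses `System.Text.Json` (.NET 5 or later) to show both directions: a POST body setting a field it should not control, and a response exposing a stored field.

```csharp
using System;
using System.Text.Json;

// Hypothetical types for illustration; not taken from BeautifulRestApi.
public class UserEntity            // what is stored in the DB
{
    public Guid Id { get; set; }
    public string Email { get; set; }
    public string PasswordHash { get; set; }
    public bool IsAdmin { get; set; }
}

public class CreateUserRequest     // what a POST is allowed to set
{
    public string Email { get; set; }
    public string Password { get; set; }
}

public class UserResponse          // what is returned to the caller
{
    public Guid Id { get; set; }
    public string Email { get; set; }
}

public static class Program
{
    static readonly JsonSerializerOptions Web =
        new JsonSerializerOptions(JsonSerializerDefaults.Web);

    public static void Main()
    {
        // Constructed request body carrying a field the client should not control.
        const string body =
            "{\"email\":\"a@example.com\",\"password\":\"pw\",\"isAdmin\":true}";

        // Binding straight to the entity lets the caller set IsAdmin (over-posting).
        var bound = JsonSerializer.Deserialize<UserEntity>(body, Web);
        Console.WriteLine($"entity bound from body: IsAdmin={bound.IsAdmin}");

        // Binding to the request model drops the unknown field; the server sets the rest.
        var req = JsonSerializer.Deserialize<CreateUserRequest>(body, Web);
        var entity = new UserEntity {
            Id = Guid.NewGuid(), Email = req.Email, IsAdmin = false,
            PasswordHash = "<placeholder: output of a real password hasher>" };

        // Serializing the entity exposes PasswordHash; the response model has no such field.
        Console.WriteLine(JsonSerializer.Serialize(entity, Web));
        var res = new UserResponse { Id = entity.Id, Email = entity.Email };
        Console.WriteLine(JsonSerializer.Serialize(res, Web));
    }
}
```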