1 Replies Last post: May 3, 2013 12:03 AM by Yegor Yarko  
Michael Clayton Newbie 2 posts since
Apr 19, 2013
Apr 19, 2013 6:31 PM

Secure login to REST API over HTTP

Hi,

 

I'm currently working on a C# project which integrates with the TeamCity REST API and it's all working ok except for sending passwords in plain text over HTTP during authentication. I've seen that the regular user login page actually encrypts or hashes the password which makes it safer over HTTP than sending the plain text password. Does anyone know if it's possible to do something similar when connecting to the REST API, and if so is there a C# implementation of the encryption / hashing algorithm somewhere? (Or alternatively, a description of what the technical details of the encryption / hashing algorithm are so that I can have a go at implementing it myself - I'll publish the result on a GitHub project if I get it working).

 

We've got a long-term plan to move to HTTPS which would obviously be a better solution, but in the meantime I'm stuck with HTTP and I'd like to avoid sending plain text passwords...

 

Cheers,

 

Mike

Yegor Yarko JetBrains 1,837 posts since
May 5, 2004
May 3, 2013 12:03 AM in response to: Michael Clayton
Re: Secure login to REST API over HTTP

Hi Michael,

 

Sorry for the delayed reply.

 

I am afraid that so far there is no "due" way to securely login via REST other than using HTTPS.

Transferring of the clear-text password can be minimized to once per session, though, see the comment.

 

As to login page algorithm, that is implemented in JavaScript and you can get that looking at the login page code. But so far that is not part of "open API"...

 

BTW, is your project a wrapper over REST API (like some others) or does it provide additional functionality?
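
The "once per session" approach mentioned in the reply above, sketched as an added C# example that is not part of the original posts and is not TeamCity or JetBrains code. The local stub server, its port, the `rest/server` path, the `SESSION` cookie name and the credentials are all constructed stand-ins, assuming the real server issues a session cookie after a successful Basic login.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

class SessionOnceDemo
{
    const string Base = "http://localhost:18111/"; // constructed local stub, stands in for the real server

    static async Task Main()
    {
        int credentialedRequests = 0;
        var listener = new HttpListener();
        listener.Prefixes.Add(Base);
        listener.Start();
        // Stub server: accepts Basic credentials or a session cookie, and counts password-bearing requests.
        var server = Task.Run(async () =>
        {
            for (int i = 0; i < 3; i++)
            {
                var ctx = await listener.GetContextAsync();
                bool hasAuth = ctx.Request.Headers["Authorization"] != null;
                bool hasSession = ctx.Request.Cookies["SESSION"] != null;
                if (hasAuth)
                {
                    credentialedRequests++;
                    ctx.Response.Headers.Add("Set-Cookie", "SESSION=constructed-id; Path=/; HttpOnly");
                }
                ctx.Response.StatusCode = (hasAuth || hasSession) ? 200 : 401;
                ctx.Response.Close();
            }
        });

        // The CookieContainer keeps the session cookie, so later requests need no Authorization header.
        var handler = new HttpClientHandler { CookieContainer = new CookieContainer(), UseCookies = true };
        using (var client = new HttpClient(handler) { BaseAddress = new Uri(Base) })
        {
            // First request only: Basic credentials (base64 is an encoding, not encryption).
            var login = new HttpRequestMessage(HttpMethod.Get, "rest/server");
            login.Headers.Authorization = new AuthenticationHeaderValue("Basic",
                Convert.ToBase64String(Encoding.UTF8.GetBytes("user:constructed-password")));
            (await client.SendAsync(login)).EnsureSuccessStatusCode();

            // Subsequent requests carry only the session cookie.
            for (int i = 0; i < 2; i++)
                (await client.GetAsync("rest/server")).EnsureSuccessStatusCode();
        }
        await server;
        listener.Stop();
        Console.WriteLine("Requests that carried the password: " + credentialedRequests);
    }
}
```

Over plain HTTP the session cookie is still sent in clear text on every request, so this only reduces how often the password itself crosses the wire; it does not protect the session.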
