Security is an integral part of any software development project. It must be addressed whenever you develop web APIs such as REST Services, SOAP Services, and WebSocket Services.
TLS, CORS, and Security HTTP Headers are some of the technologies that aim to ensure the security of your web APIs.
Transport Layer Security (TLS) is based upon the older Secure Sockets Layer (SSL) technology and is now the industry-standard method for protecting web communications. The TLS security protocol provides data encryption, server authentication, message integrity, and optionally, client authentication for a TCP/IP connection. Because TLS is built into all major browsers and web servers, simply installing a digital certificate turns on their TLS capabilities.
See also
Server Security settings
KeyStore element in deployment configuration
Security HTTP Headers provide a layer of security by helping to reduce security vulnerabilities. When a user tries to access a page, the server response contains the content and the HTTP response headers. Those headers carry metadata, status and error codes, etc. A subset of those headers are security headers, which tell the browser how to behave when it handles the content.
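As an added example (not part of the original page or of the product's own code), the following script splits a raw HTTP response into its headers and reports which security headers are present, missing, or set to a weak value. The list of headers checked, the validation rules, and the sample response are assumptions chosen for illustration.

```python
# Added example: audit the security headers of a raw HTTP response.
# The header list, rules and SAMPLE response are constructed assumptions.

def parse_headers(raw):
    """Return {lower-cased header name: value} from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]      # drop the body (the "content")
    headers = {}
    for line in head.split("\r\n")[1:]:     # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def _hsts_ok(value):
    """HSTS only protects the user if max-age is a positive number."""
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name == "max-age":
            val = val.strip('"')
            return val.isdigit() and int(val) > 0
    return False

# Header name -> predicate applied to the lower-cased value.
CHECKS = {
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v == "nosniff",
    "x-frame-options": lambda v: v in ("deny", "sameorigin"),
    "content-security-policy": lambda v: bool(v),
    "referrer-policy": lambda v: bool(v),
}

def audit(raw):
    """Return {header: 'ok' | 'weak' | 'missing'} for each checked header."""
    headers = parse_headers(raw)
    report = {}
    for name, valid in CHECKS.items():
        if name not in headers:
            report[name] = "missing"
        else:
            report[name] = "ok" if valid(headers[name].lower()) else "weak"
    return report

# Constructed sample: HSTS is disabled by max-age=0, X-Frame-Options is invalid.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
          "strict-transport-security: max-age=0\r\n"
          "X-Content-Type-Options: nosniff\r\n"
          "X-Frame-Options: ALLOWALL\r\n\r\n{\"ok\": true}")

if __name__ == "__main__":
    for header, verdict in audit(SAMPLE).items():
        print(f"{header}: {verdict}")
```
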
See also
HttpProtocol element in "config.xml" server configuration file
See next
Authentication