0

I am building a restful web services. My requirement is that I have to provide authentication for accessing the webservices.

First I tried with basic authentication. Which is working fine, but somewhere I read Digest authentication is more secure so I implemented it.

After some days we started implementing keyed-HMAC authentication like Amazon webservices.

In all three ways we are sending requests over HTTP either encoded or high encryption.

I read many articles saying HMAC is more secure but I couldn't exactly get it how it is more secured. If some one can get a hold of the URL I am sending. All three methods will be useless. As they have all the details to access my webservices. Or else all three would be equally safe. Why is HMAC safer?

If I send the request through HTTPS then all are having the same safety.

Is there any other way to do it? Please share your knowledge on it. I am very much confused.

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
user3933557
  • 101
  • Hi schroeder, it didn't answer my question i have an idea what are those encryption methods are but my question is are all the three ways are prone it replay attacks. what is more that Hmac offers if we use http.is it safe? – user3933557 Sep 28 '14 at 13:33
  • So is your question about HMAC being safer? The linked duplicate appears to answer the headline question. Please edit the question to make this clear and flag for reopening. – Rory Alsop Sep 28 '14 at 20:32

0 Answers0