NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Koen Tjoa on December 20, 2016, 07:28:36 AM
-
Hi all,
Standard NetTalk allows to use the GET method in every service method. So this can also be done WebServiceMethods with password and tokens as parameter. However I would like not to “reward” the user when he is using GET for sending passwords.
Is there some setting which disables the GET method?
Cheers,
Koen
-
Hi Koen,
I'm not sure disabling GET would be an ideal approach.
GET is a big part of REST, if the user is using the HTTP Verb to indicate the action they want to do.
Plus it's possible to use GET with an authorization header, or with a cookie, both of which would be very much ok - and in some cases probably required.
So sure, it would be nice to detect, and prevent the login and password being part of the URL, but there's no easy way I can think of offhand to do that, and still keep the general "correctness" of the API - especially as you are making a REST API.
Cheers
Bruce
-
Hi Bruce,
I didn’t realize that GET is also a part of REST so it obvious that disabling GET isn’t a good idea.
Thanks, for clarifying.
Cheers,
Koen