tl;dr:
– If it is served over plain HTTP, treat it as public information: usernames, passwords, HTML and JSON responses can all be read by anyone on the network path.
– Unless you have explicitly enabled encryption on the connection, your database usernames, passwords and query data are ALSO travelling in plain text.
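As an added illustration of both points (this is example code, not from the original post or from the presentation it mentions), the first function shows what a passive observer on the path recovers from a captured plain-HTTP request to a Web API that uses Basic authentication; the second is a small pre-deployment check that flags an API base URL that is not https and a SQL Server style connection string that does not request an encrypted, certificate-validated channel. The captured request, the host name and the credentials are constructed for the example; treating a missing `Encrypt` as "off" matches the legacy System.Data.SqlClient default (newer Microsoft.Data.SqlClient defaults it to true), and the key names checked are an assumption about your connection-string format.

```python
"""Added example: why plain HTTP and unencrypted DB connections expose
credentials, plus a config check that flags both. Not the original post's code."""
import base64
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: what a sniffer on the wire sees for one Web API call made
# over plain HTTP with Basic auth. Host and credentials are made up.
CAPTURED_HTTP_REQUEST = (
    b"GET /api/orders HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    b"Accept: application/json\r\n"
    b"\r\n"
)


def credentials_from_capture(raw: bytes) -> Optional[Tuple[str, str]]:
    """Return (username, password) from the Basic Authorization header of a
    captured plaintext HTTP request, or None if there is no Basic header.
    No secrets are needed: Basic auth is just base64, and over HTTP the header
    is readable by every hop between client and server."""
    head, _, _ = raw.partition(b"\r\n\r\n")          # headers end at the blank line
    for line in head.split(b"\r\n")[1:]:             # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() == b"basic":
            user, _, pw = base64.b64decode(token).decode("utf-8").partition(":")
            return user, pw
    return None


def transport_findings(api_base_url: str, db_connection_string: str) -> List[str]:
    """Flag plaintext transports in an app's configuration.

    Assumptions (hypothetical, for the example): the API is addressed by a URL,
    and the DB connection string is SQL Server style ("Key=Value;...") where
    Encrypt controls TLS and TrustServerCertificate disables cert validation.
    """
    findings: List[str] = []

    if urlparse(api_base_url).scheme.lower() != "https":
        findings.append(
            "API base URL is not https: credentials, HTML and JSON are readable on the wire"
        )

    # Parse "Key=Value;Key=Value" into a case-insensitive dict, ignoring empty parts.
    opts = {}
    for part in db_connection_string.split(";"):
        key, _, val = part.partition("=")
        if key.strip():
            opts[key.strip().lower()] = val.strip().lower()

    # Absent Encrypt is treated as off (legacy System.Data.SqlClient default).
    if opts.get("encrypt", "false") not in ("true", "yes", "mandatory", "strict"):
        findings.append(
            "DB connection string does not set Encrypt=True: login and query data travel in plain text"
        )
    # Encryption without certificate validation still falls to an active attacker.
    if opts.get("trustservercertificate", "false") in ("true", "yes"):
        findings.append(
            "TrustServerCertificate=True skips certificate validation: the encrypted channel can be intercepted"
        )
    return findings


if __name__ == "__main__":
    print(credentials_from_capture(CAPTURED_HTTP_REQUEST))
    for f in transport_findings("http://api.example.test",
                                "Server=db;Database=app;User Id=sa;Password=x;"):
        print("-", f)
```

Run it as-is and the first line printed is the username/password pair pulled straight out of the "captured" request; the two findings below it are what you want a build or deployment step to fail on before the API goes live.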
Dominick Baier, who gave a great presentation on the security pipeline in Web API, has published his slides here and his source code here. I'm not going to say much else, but this is going to be a great help for us in getting our API secured.