问题
I am new to OrientDB. I am going thorugh the REST apis and I am not able to understand the security of the apis. I dont have much experience with backend development (i am a front end developer) so please help me clarify some points here :
- As I can see all the GET requests are open, as in, if I know the url & the record or class name I can simply type it in the web browser & anyone can access all the records. How does this data is protected ??
- How does access tokens or session works with the REST Apis ??
This might be a very basic question but since I have just started learning it please suggest the right approach or any useful resources.
Thanks.
回答1:
all REST requests are authenticated using HTTP authentication, if you have OrientDB Studio open then you are already authenticated and the browser will not ask again for user/password. Try to open a new anonymous browser window and send a REST call, you will see the popup asking for user/password.
Here you can find additional info about HTTP and sessions
http://orientdb.com/docs/last/OrientDB-REST.html
来源:https://stackoverflow.com/questions/30601601/first-time-orientdb-user-regarding-security-in-rest-api