java - How to create paths in RESTful web service for "action oriented" methods? -


i creating restful web service , try follow conventions , recomendations creating web service. have come halt though. have user entity in system have regular crud paths for. want expose api deal forgotten passwords. take username in request , check if finds user. if change password , change password autogenerated 1 , send email user.

i read this: restful actions/services don't correspond entity? , see maybe should start looking @ non database entities resources also.

but still have issues finding concept forgotten passwords in api.

what name path , http method appropriate it? should put used since update user new password?

i think approach has obvious weakness. think expose url generates new password user, example: post url http://mycompany.com/app/user/foobar/resetpassword

obviously url cannot password protected: otherwise use forgot password cannot reset it. ok, means knows user name can reset password of user. every 5 seconds. or milliseconds... cool!

this means have somehow protect system such "naive" hacker's attack.

i implemented similar system , can suggest solution.

  1. expose open url allows start process, e.g. http://mycompany.com/app/user/foobar/resetpassword. url not change password. creates email contains yet clickable url http://mycompany.com/app/user/resetpassword/uniquetoken. token cannot guess.
  2. user receives email , clicks link. time password changed , appropriate email sent same email.

this mechanism protects system naive hacker's attack , pressed "reset password" button because first action not change password. user can access email can indeed change password.

concerning token generation. best solution store mapping of token password change request in db, can limit click attempts , make request expiration timeout. implemented simpler solution reasons: token contains encrypted user name , date when password requested, implemented request expiration cannot limit number of clicks on token contained url. implementation simple , stateless.


Comments

Post a Comment

Popular posts from this blog

SPSS keyboard combination alters encoding -

my question not have programming practical issue on spss. accident keyword combination cannot remember because did not intend press changed encoding in spss , text in data in different language english shown small boxes. nevertheless, when kind of analysis performed different language text shown in output. does know reason? tried change encoding did not produce result. first, @ edit > options , see whether setting unicode or locale. might fix it. if have text in multiple languages, want unicode. otherwise, may have specific locale set wrong. can change set locale, need know locale want use.
Read more

Add new record to the table by click on the button in Microsoft Access -

in ms access form want implement separate button, adds new record table. in order added button , attached button event: private sub btnaddrec_click() refresh codecontextobject on error resume next docmd.gotorecord , , acnewrec if err.number <> 0 btnaddrec.enabled = false end if end end sub everything ok when open window , click btnaddrec button, problem when first of perform navigation through existed records , after click on button. got runtime error: 2105: «you can't go specified record. may @ end of recordset» . how solve issue, need have ability add new record on click on specific button, no matter, have walked or not walked through records before. thanks. i created simple form field call description (and autonumber) , created button code follows click event. filled number of records , navigated through them, clicked addnewrec button. form navigated new record without issues. able click addnewrec button directly after
Read more

javascript - jQuery .height() return 0 when visible but non-0 when hidden -

i have problem here right opposite others: in jquery cannot height of element when it's visible, when hidden. have html code: <div id="filtering-filter-holder"> <div id="filtering-filter-holder-inner"></div> </div> basic css it: #filtering-filter-holder { display: none; position: absolute; width: 420px; min-height: 100px; padding: 5px 5px 5px 5px; background-color: #ffffff; border: 1px solid #164372; } and finally, js in document.ready(): $('div.filtering-filter-headline').mouseenter(function() { var el = $(this).parent().find('div.filtering-filter-content'); if ($('div#filtering-filter-holder').is(':visible')) { $('div#filtering-filter-holder-inner').stop(true, true).fadeout(300, function() { $('div#filtering-filter-holder-inner').html($(el).html()); var height = $('div#filtering-filter-holder-inner&#
Read more