REST API CURL - NOT SSL Encrypted - Security?


I am hosting a script on my site, it will call the site from the domain name, using Curl and REST API,
I can't get the REST API working with the SSL Cert, I am not sure why.
But if I don't use the SSL and just send it unencrypted, does that mean someone on another PC somewhere can intercept my calls? Or would they need access to my server to be able to "listen in"?
Basically I want to know how risky it is (will I get hacked) if I don't encrypt the calls?
If you are not using TLS while making calls to the REST API upstream, all the requests and responses will be sent as plaintext.
Since you are making the calls upstream, whoever is present in the network path upstream will be able to intercept your traffic. That typically means your site (or VPS) host, the ISP they use and whoever is present in the logical network path up until the server hosting the service. If they are malicious, they can tamper with the data or log confidential information you send or receive.
> does that mean someone on another PC somewhere can intercept my calls?

No, it is not like anyone on the internet can intercept your data. Only the devices through which your packets are routed have the power to intercept them.

> Or would they need access to my server to be able to "listen in"?

No, they do not need access to your server to do that. They can passively intercept the incoming and outgoing data.
Summary
It is always risky when you do not make use of TLS. But you must already trust your host and the ISP they use to have signed up with them. Although the attack surface is reduced in your case, it is not zero. So, I would highly recommend going with the TLS version of the API.
Better safe than sorry.
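
A client-side guard for the recommendation above, as an added example that is not part of the original question or answer: it refuses `http://` URLs and downgrade redirects and keeps certificate verification on, so a broken certificate setup produces an error instead of a plaintext call. Python's standard library is an assumption (the post does not name a language), and the function names and the bearer-token header are hypothetical.

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def strict_tls_context() -> ssl.SSLContext:
    """Client context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def require_https(url: str) -> str:
    """Reject any URL that would put the request on the wire in plaintext."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"refusing non-HTTPS API URL: {url!r}")
    return url


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Stop a redirect from silently downgrading the call to http://."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def make_opener() -> urllib.request.OpenerDirector:
    # Passing our own handlers replaces urllib's default HTTPS/redirect ones.
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=strict_tls_context()),
        HttpsOnlyRedirects(),
    )


def call_api(url: str, token: str, timeout: float = 10.0) -> bytes:
    """GET url with a bearer token; never falls back to plaintext."""
    req = urllib.request.Request(
        require_https(url), headers={"Authorization": f"Bearer {token}"}
    )
    try:
        with make_opener().open(req, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            # Report the actual cause (expired, wrong host, unknown CA).
            raise RuntimeError(f"certificate check failed: {exc.reason.verify_message}") from exc
        raise
```

The `RuntimeError` message carries the verifier's reason, which is the starting point for fixing a certificate that "won't work" rather than turning verification off.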
