How to build a secure and RESTful service in PHP?

Question

I\'m building an application system which consists of a server part \"in the cloud\" and a client part, e.g. an iPhone or Android app or a web browser.

Server side i

Answer 1

Is there a tutorial, book chapter or blog article that describes this comined in a singe piece?

I can recommend REST in Practice - Hypermedia System Architecture as a guide to building HATEOAS systems. It has no PHP samples, but it includes a full chapter on Web Security Issues, covering HTTP Basic and Digest Auth, OpenID and OAuth and attack vectors to be aware of.

Answer 2

Instead of inventing/building your solution, I'd use one of the many PHP frameworks for RESTful services. http://www.recessframework.org/ is pretty comprehensive, though you will almost certainly have to extend it to include authentication.

http://phprestsql.sourceforge.net/ does support authentication out of the box, but relies on HTTPS to encrypt plaintext passwords; you should be able to extend it when you work out how to deal with authentication.

Apropos authentication: as REST is intended to use the HTTP standards as much as possible, I'd recommend using the HTTP authentication mechanisms - described at length in http://php.net/manual/en/features.http-auth.php (as well as in the W3C docs).