Search results
Top results related to how do web services work?
Top Answer
Answered May 23, 2017 · 33 votes
Here are some ideas you may be interested in...
As I already said to you, it's not an exact science. You should keep what's important for security first and consider all this "optional".
Plus, remember that all suggested "time durations" are subjective, depending on how frenetic the accesses to your site are and how strong the detection of devices should be.
These are the factors that may help to identify devices:
The access cookie(s)
Firstly, the access token cookie may not necessarily be different from the device id cookie; in fact, an access token could be used to uniquely identify a browser, even if the token string is frequently updated, this way: 1 session = 1 device.
Instead, if you want to consider two or more browsers as the same device, you should of course use two different cookies. 1 device = 1 session on chrome + 1 session on firefox, etc.
Secondly, the cookie(s) should "never" expire (set it to expire in years). If you want to expire the "remember-me" duration, you should do it in your code only. This is because a cookie that "never" expires and that is actually associated with an expired session is still useful to identify the device the user is using! Also, when the user logs out, don't delete the cookie(s); destroy the session internally, in your code.
The IP
How to log IPs?
Every time user changes the IP to one that you consider valid, you should log it. This means that you need a table for logging all the IPs sessionID | IP | lastActionDateTime | [other factors]+. If a row containing the combination of deviceID & IP already exists, and if the lastActionDateTime was made for example within 12-24 hours, you will update lastActionDT, otherwise you should create a new row. That, unless the other factors are changed.
How to check if a changed IP is valid?
Using a GEOIP database you get the user's location: that's not even close to being reliable, but you can use Google Maps API to check the distance between the last known location and the new one associated with the IP, or if the GEOIP database already gives you LAT, LONG values you can simply calculate the distance between the two points (more info here, but many articles are available on the web ... I didn't actually check it, but it should be fine). So, let's say that you may consider valid an IP that is 100-500km away from the last known location.
When the IP changes?
- With 3G the IP may change even walking some steps, so if you receive a page-view with some different IP, and some recent previous page-view was made with the same IP, you must consider that IP valid, because it was valid just some minutes before (lastActionDT), of course according to the state of other factors, which should be identical to the last known ones.
- If you detect a changed IP after some hours or possibly days of inactivity you may want to consider it valid and allow the login, especially if other factors match, or if you want stronger security, you can treat this case as the following:
- If you detect a changed IP after a lot of days of inactivity you should request to login again with the form. Here the session is expired, but the cookie is still there and usable, so if the form credentials are valid, you will renew the deviceID expiration instead of creating a new deviceID.
The UA String
The UA string provides some additional checks, not necessarily relevant the majority of the time, but useful for detecting suspicious versioning changes (for example, what would you think if the same session generated first a Chrome 27.0 pageview and some time later a Chrome 26.0 pageview?).
- The user may have used a user-agent switcher.
- The user imported preferences (including cookies) on another browser on the same machine.
- The session cookies were stolen.
So, this is highly unreliable, but as you can imagine, it provides some hints.
(bonus) The Screen Properties
If you want to consider two browsers on the same computer the same "device" you could use javascript (of course, since it's a client-sided check, it's not trustable for security but still helpful... for example if someone steals the session cookies he may not know that he needs to fake also these values that you're going to use for additional checking :-P ). Anyway, window.screen contains these properties that are really useful for uniquely identifying an OS/computer:
- window.screen.availWidth & window.screen.availHeight
- window.screen.availLeft & window.screen.availTop
- window.screen.width & window.screen.height
...keeping in mind that values may be inverted on the fly on mobile devices (check window.screen.orientation)
(bonus) Geolocation API
Another additional check could be made using the HTML5 Geolocation API (of course also there, since it is client-sided it's not trustable for security, but it's helpful if used in cooperation with the previous factors). Geolocation API Spec
Hoping to have been helpful...
Wes
1/5
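The IP rules from the answer above (recent activity, inactivity window, GeoIP distance, matching factors, and the IP log row update), as an added example that is not part of the original answer. The threshold values, the `Seen` record and the function names are assumptions chosen for illustration; the answer only gives rough ranges.

```python
import math
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

# Assumed thresholds: the answer gives only rough ranges.
RECENT = timedelta(minutes=10)   # "valid just some minutes before"
STALE = timedelta(days=14)       # "a lot of days of inactivity"
MAX_KM = 500                     # upper end of the 100-500 km range
ROW_REUSE = timedelta(hours=24)  # upper end of the 12-24 hour range

@dataclass
class Seen:                      # one log row: device | IP | lastActionDateTime | factors
    device_id: str
    ip: str
    lat: float                   # GeoIP latitude/longitude for the IP
    lon: float
    user_agent: str
    last_action: datetime

def haversine_km(lat1, lon1, lat2, lon2):  # great-circle distance in km
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def assess(last: Seen, now: Seen) -> str:
    """'allow' or 'relogin' for a request that carries a known device cookie."""
    if now.ip == last.ip:
        return "allow"           # unchanged IP; session expiry is handled elsewhere
    idle = now.last_action - last.last_action
    if idle >= STALE:
        return "relogin"         # the device cookie is kept and renewed on success
    same_factors = now.user_agent == last.user_agent
    if idle <= RECENT:           # mobile networks can rotate IPs within minutes
        return "allow" if same_factors else "relogin"
    near = haversine_km(last.lat, last.lon, now.lat, now.lon) <= MAX_KM
    return "allow" if same_factors and near else "relogin"

def log_ip(table: list, now: Seen) -> None:
    """Refresh a recent row for the same device, IP and factors, else add one."""
    for row in table:
        same = (row.device_id, row.ip, row.user_agent) == (now.device_id, now.ip, now.user_agent)
        if same and now.last_action - row.last_action <= ROW_REUSE:
            row.last_action = now.last_action
            return
    table.append(replace(now))   # store a copy, not the caller's object

# Constructed sample: documentation-range IP, approximate Rome coordinates.
ROME = Seen("dev-1", "198.51.100.7", 41.90, 12.50, "Chrome/27.0", datetime(2024, 1, 1, 12, 0))
```

A "relogin" result means the session is treated as expired while the device cookie stays in place, as the answer recommends.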
Top Answer
Answered Feb 05, 2015 · 241 votes
No, they don't use files. When you click on a link like that, an HTTP request is sent to their server with the full URL, like http://bit.ly/duSk8wK (links to this question). They read the path part (here duSk8wK), which maps to their database. In the database, they find a description (sometimes), your name (sometimes) and the real URL. Then they issue a redirect, which is an HTTP 302 response and the target URL in the header.
This direct redirect is important. If you were to use files or first load HTML and then redirect, the browser would add TinyUrl to the history, which is not what you want. Also, the site that is redirected to will see the referrer (the site that you originally come from) as being the site the TinyUrl link is on (i.e., twitter.com, your own site, wherever the link is). This is just as important, so that site owners can see where people are coming from. This too, would not work if a page gets loaded that redirects.
PS: there are more types of redirect. HTTP 301 means: redirect permanent. If that would happen, the browser will not request the bit.ly or TinyUrl site anymore and those sites want to count the hits. That's why HTTP 302 is used, which is a temporary redirect. The browser will ask TinyUrl.com or bit.ly each time again, which makes it possible to count the hits for you (some tiny url services offer this).
2/5
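The lookup-and-redirect exchange described in the answer above, as an added example that is not part of the original answer or any real shortener's code. The `LINKS` table, the target URL and the helper names are constructed; the client deliberately does not follow the redirect so the 302 status and `Location` header are visible, and the hit counter shows that every click reaches the service.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed table standing in for the service's database: slug -> real URL.
LINKS = {"duSk8wK": "https://example.com/a/very/long/path?x=1"}
HITS = {}                                   # slug -> number of requests seen

class Shortener(BaseHTTPRequestHandler):
    def do_GET(self):
        slug = self.path.split("?")[0].lstrip("/")
        target = LINKS.get(slug)
        if target is None:
            self.send_error(404, "unknown short link")
            return
        HITS[slug] = HITS.get(slug, 0) + 1  # counted on every request
        self.send_response(302)             # temporary: the browser asks again next time
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):           # keep the demo quiet
        pass

def fetch(port, path):
    """One request without following the redirect; returns (status, Location)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    resp.read()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Shortener)   # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return [fetch(port, "/duSk8wK"), fetch(port, "/duSk8wK"), fetch(port, "/nope")]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo(), HITS)
```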
The Internet is a source of a plethora of information: to find something, we simply query the Internet and get the desired response. But who provides this information to us, and how? All this is facilitated by what is called the web server. Alongside it are the web clients: the browser applications, such as Internet Explorer, Mozilla Firefox, Chrome and Safari, that we use to interact with the web and to browse and retrieve the files on web servers.
Web servers are basically simple computer programs that dispense web pages when a web client requests them. The machine on which the program runs is usually called a server, and the names web server and server are used almost interchangeably.
When many people think of web servers, they think of high-powered computers. This is correct to some extent: some high-powered computers are also called web servers, but these computers are built for the purpose of web hosting. In web hosting, the web servers enable the hosting providers to handle multiple domains...
3/5
Top Answer
Answered Nov 24, 2009 · 10 votes
The REST ideal is that services are as consumable as Web Pages are, they don't need registries. [Got to admit I don't fully "get" the implications of this RESTful world, no WSDL, no registry feels like riding a bike with no stabilisers.]
In the old Web, pre-Google, how did we find pages? Effectively word-of-mouth and a few key starting points. REST services so far as I can see are pretty much in the pre-Google stage.
I don't agree that "it is not possible to distinguish between URI of RESTful Web service and other Web resources" - if we follow the link we get certain types of content application/xml and application/json would be pretty strong indicators wouldn't they?
4/5
Top Answer
Answered Mar 02, 2010 · 2 votes
As all things in a market economy, the price, but also the inconvenience (or convenience) and risk associated with the actual payment (irrespective of the amount) is a function of how unique and cool and valued your service or product is.
It is therefore impossible to answer the question but in very generic terms, i.e. in the form of suggestions. Your actual invoicing model may be based on one or several of the following:
- bill for a one-time setup fee
- bill on a subscription basis (i.e. for a defined period, with explicitly defined maximum amounts of usage)
- bill for maintenance
- bill by the act, i.e. a certain amount (possibly on a decreasing unit price schedule). Such acts should be counted at the server level, (The client-side may include some audit/monitoring/log of sorts, but the server-side should be the authoritative source of info)
- bill by volume (for example number of MBytes transferred etc.), this is applicable to services where there is a big variation in the volume of info produced for each "act".
In general, the price and the modality of accounting should seem fair, to both parties, particularly to the buyer, and typically, the simpler the better. The price should not necessarily be low, provided you can make the case that the service provided is effectively valuable, and that you either invested and took risk to introduce the service, or the on-going expenses associated with running the service are evident.
5/5
www.geeksforgeeks.org › what-are-web-services
What are Web Services? - GeeksforGeeks
Jul 14, 2021 · How Does Web Service Work? The diagram depicts a very simplified version of how a web service would function. The client would use requests to send a sequence of web service calls to a server that would host the actual web service.
People also ask
How does a web service work?
- distributed: A web service is not only available to just one client in most cases. Different clients access the service over the Internet. When a web service is used, a client sends a request to a server, triggering an action on that server. The server then sends a response back to the client. Web services were initially only realized via SOAP.
Web Services Easily Explained! | Example & Definition - IONOS
www.ionos.com/digitalguide/websites/web-development/web-services/
How web services are used in a web application?
- Different apps can also make use of web services. A .NET application, for example, can communicate with Java web administrations and vice versa. To make the application stage and innovation self-contained, web administrations are used.
What are Web Services? - GeeksforGeeks
www.geeksforgeeks.org/what-are-web-services/
What is web service in cloud computing?
- What is Web Service? Web service is a standardized medium to propagate communication between the client and server applications on the WWW (World Wide Web). A web service is a software module that is designed to perform a certain set of tasks. Web services in cloud computing can be searched for over the network and can also be invoked accordingly.
What are Web Services? Architecture, Types, Example - Guru99
www.guru99.com/web-service-architecture.html
What is a web service example?
- Here is a web service example for clarification: Let's start with software written in Visual Basic, running on a Windows computer. The program requires the service of an Apache web server. To enable this, the client sends a SOAP request in the form of an HTTP message to the server.
Web Services Easily Explained! | Example & Definition - IONOS
www.ionos.com/digitalguide/websites/web-development/web-services/
www.cleo.com › blog › knowledge-base-web-services
What Are Web Services? Easy to Learn Concepts with ... - Cleo
What are web services? To begin, web services are the foundation of connection and communication between applications over the internet. Learn more.
www.techtarget.com › definition › Web-services
What Are Web Services? | Definition from TechTarget
How web services work. Web services let different organizations or applications from multiple sources communicate without the need to share sensitive data or IT infrastructure. Instead, all information moves through a programmatic interface across a network.
en.wikipedia.org › wiki › Web_service
Web service - Wikipedia
A web service (WS) is either: a service offered by an electronic device to another electronic device, communicating with each other via the Internet, or a server running on a computer device, listening for requests at a particular port over a network, serving web documents (HTML, JSON, XML, images). [citation needed] In a web service, a web ...
www.ionos.com › web-development › web-services
Web Services Easily Explained! | Example & Definition - IONOS
Apr 15, 2020 · What is a web service? Definition of the solution ; The technology behind a web service – with an example ; Advantages and disadvantages of web services
www.guru99.com › web-services-tutorial
Web Services Tutorial for Beginners: Learn Basics in 3 Days
Feb 3, 2024 · Web services is a standardized way or medium to propagate communication between the client and server applications on the World Wide Web. This course will give a detailed insight into various components of web services like SOAP, WSDL, REST, and how they operate.
www.guru99.com › web-service-architecture
What are Web Services? Architecture, Types, Example - Guru99
Mar 9, 2024 · A web service is a software module which is designed to perform a certain set of tasks. Learn Web Service Architecture, Components, Characteristics with example in this tutorial.