我很高兴与RESTFUL Api合作。我正在尝试编写PS模块以与CommVault API进行交互(http://documentation.commvault.com/commvault/v11/article?p=features/rest_api/test_environment_sandbox.htm)
文档似乎很好,我不认为我会遇到很多问题,但我担心它的身份验证方式。它使用POST方法而不是GET,但仍然将密码提交为Base64编码,而不是任何真正的加密。这真的有多安全?有人可以检查网络流量并确定我的密码吗?
我从这样的事情开始:
$userName = Join-Path $env:USERDOMAIN $env:USERNAME
$credential = Get-Credential -UserName $userName -Message "Enter password for user $userName."
$SERVER = "myserver.com"
$APIURL = "http://$($SERVER):81/SearchSvc/CVWebService.svc"
$APIURLaction = "$APIURL/login"
$passwordB64byte = [System.Text.Encoding]::UTF8.GetBytes($credential.GetNetworkCredential().Password)
$encodedPassword = [System.Convert]::ToBase64String($passwordB64byte)
$loginReq = "<DM2ContentIndexing_CheckCredentialReq mode=""Webconsole"" username=""$userName"" password=""$encodedPassword"" />"
$result = Invoke-WebRequest -Uri $APIURLaction -Method POST -Body $loginReq -UseBasicParsing
$token = (([xml]$result.content).SelectSingleNode("/DM2ContentIndexing_CheckCredentialResp/@token")).value
感谢:http://setspn.blogspot.co.uk/2015/04/commvault-rest-api-using-powershell.html
答案 0 :(得分:0)
同意@bill_stewart,您应该在应用通过网络发布敏感数据时使用HTTPS。