REST 与 SOAP 对于大量安全数据的比较
我有一个要求,我在服务器上有大量数据(以 pdf、图像、doc 文件的形式),这些数据将分发给许多用户。我想使用 Web 服务及其元数据来提取这些文件。我将以字节为单位获取文件。我很困惑哪种类型的网络服务会更安全、更容易解析?哪一种在iPhone客户端上容易实现?
我知道 REST 更简单,但我在某处读到它不适合分布式环境。同时 SOAP 对于移动平台来说太重了。
我搜索了许多网站,描述了 REST 如何变得更容易以及 SOAP 如何变得安全。我很困惑该使用哪一个? 还有关于响应类型,JSON 或 XML 哪个更适合我的要求?
I have a requirement where I have large amount of data(in form of pdf,images,doc files) on server which will be distributed to many users. I want to pull these file using web services along with their meta-data. I will be getting the files in bytes. I am confused in which type of web service will be more secure, easy to parse? Which one is easy to implement on iPhone client?
I know REST is simpler but I read somewhere that it is not suitable for distributed environment. At the same time SOAP is too heavy for mobile platform.
I have searched many sites describing how REST is easier and how SOAP is secure. I got confused about which one to use?
Also about the kind of response, which will be better JSON or XML for my requirement?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对于您的要求,JSON 将是最好的响应类型,因为它比 XML 小得多(在许多测试中小 50% 以上)。您可以使用 SBJSON (https://github.com/stig/json-framework/)在 iOS 上轻松解析它。
关于REST或SOAP,最后一个对于移动平台来说确实很重并且不太容易实现。 SOAP 也需要 XML,并且不能与 JSON 一起使用。而使用 REST,您可以使用 JSON 或 XML,并通过 RESTKit (http://restkit.org/) 在 iOS 上轻松实现它),为了安全起见,您可以使用带有 HTTPS 的 SSL 连接和签名证书。
SOAP 的唯一优势是 WSDL(Web 服务规范),它使您的 Web 服务变得非常强大。
For your requirements JSON will be the best kind of response because it is way smaller than XML (More than 50% smaller in many tests). You can use SBJSON (https://github.com/stig/json-framework/) to parse it easily on iOS.
Concerning REST or SOAP, the last one is indeed really heavy for mobile platform and not so easy to implement. SOAP requires XML too and cannot be used with JSON. Whereas with REST you can use JSON or XML and easily implement it on iOS with RESTKit (http://restkit.org/), for security you can use an SSL connection with HTTPS and a signed certificate.
The only advantage of SOAP is the WSDL (Webservice specification) which made your webservices really strong.
除非您有在同一响应中拉取文件数据和元数据的特定要求,否则您可能会考虑使用常规 HTTP GET 拉取文件。您可以通过 HTTPS 和基本身份验证或客户端证书获得良好的安全性。然后,我将包含一个指向文件元数据的链接标头,如下所示:
特别是,这使您可以为文件本身及其元数据提供单独的缓存语义,这在文件较大的常见情况下非常有用比它们的元数据以及元数据可以在文件内容不改变的情况下改变的地方。
Unless you have a specific requirement to pull the file data and the metadata in the same response, you might consider just pulling down the file with a regular HTTP GET. You can get decent security with HTTPS and Basic Auth or client certificates. I would then include a Link header pointing to the metadata for your file, as in:
In particular, this lets you have separate caching semantics for the file itself and for its metadata, which is useful in the common case where the files are much larger than their metadata and where metadata can change without file contents changing.