-adam
> -----Original Message-----
> From: Barney Boisvert [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 22, 2004 09:54 PM
> To: 'CF-Talk'
> Subject: RE: Web Services
>
> Careful how you phase that. It is absolutely, irrefutably impossible to
> keep cfcs called as web services instantiated beyond a single request.
>
> Thos CFCs should be exceedingly lightweight and do little more than delegate
> to cached CFCs in a shared scope that actually do everything. This is the
> architecture you refer to, but it's important that the actual web service
> CFC instances are different, and never kept around.
>
> Semantics? Yes. Potentially confusing? Yes. At least it was to me when I
> was first trying to figure out how to use WS effectively.
>
> Cheers,
> barneyb
>
> > -----Original Message-----
> > From: Adrocknaphobia [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 22, 2004 2:40 PM
> > To: CF-Talk
> > Subject: Re: Web Services
> >
> > Exactly, however it is possible to keep those cfcs instantied
> > if you roll your own architecture to do it.
> >
> > -adam
> >
> > > -----Original Message-----
> > > From: Barney Boisvert [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, April 22, 2004 08:17 PM
> > > To: 'CF-Talk'
> > > Subject: RE: Web Services
> > >
> > > Web services are only as stateless as the protocol (HTTP)
> > makes them.
> > >
> > > We've used an authentication token, much like a cookie,
> > with great success.
> > > We also have fairly expensive authentication/authorization
> > operations which
> > > are greatly streamlined by caching, so it was of great benefit to
> > > authenticate as few times as possible.
> > >
> > > A slightly different point of note is that all web service
> > invocations on
> > > CFCs happen "statically". In other words, all your web
> > service invocations
> > > initialaze a brand new CFC instance for each request, call
> > a method on the
> > > instnace, and then it gets thrown away, never to be used again.
> > >
> > > Cheers,
> > > barneyb
> > >
> > > > -----Original Message-----
> > > > From: Marlon Moyer [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, April 22, 2004 12:27 PM
> > > > To: CF-Talk
> > > > Subject: Web Services
> > > >
> > > > I'm trying to experiment with web services and I've already
> > > > run into my
> > > > first conundrum. It seems that the basic principle of
> > web services
> > > > dictates a stateless design. So how do you maintain
> > security in your
> > > > services. Say you have a time sheet program and the flow
> > > > goes something
> > > > like this:
> > > >
> > > >
> > > >
> > > > 1.enter site.
> > > >
> > > > 2.log into system
> > > >
> > > > 3.enter new time into system
> > > >
> > > > 4.review old records.
> > > >
> > > > 5.edit previous entry
> > > >
> > > >
> > > >
> > > > Does this mean that for steps 2 through 5 you'll be sending the
> > > > user/password combo so that each call can be authenticated? I've
> > > > thought that maybe step 2 could return a connection id
> > that you could
> > > > sub for the user/password combo.....
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Marlon Moyer, Sr. Internet Developer
> > > >
> > > > American Contractors Insurance Group
> > > >
> > > > phone: 972.687.9445
> > > >
> > > > fax: 972.687.0607
> > > >
> > > > mailto:[EMAIL PROTECTED]
> > > >
> > > > www.acig.com
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
