I have been trying to figure out the best way to tackle this:

I am trying to set up a web app which is essentially an information 
broker that provides chunks of data to other web apps.  To make things 
simple for this discussion let's say I am extracting images from my DB 
and then passing them on to another web app which is outside of my 
control.  Assume CFMX7 on the local site and some unknown WDDX capable 
setup on the remote site.

Using WDDX to transfer the data between the sites, I've got it working 
right now, but the part I am stuck on is authentication.

How do I ensure that only specific people/sites can access these WDDX 
packets (images)?  Presumably the user is authenticated on the remote web 
app, but my app has no knowledge of this session; I am outside of the 
scope of the remote application.

The most obvious way I can think of would be to just pass the username 
and password through the URL whenever you call for the image on the 
remote site.  They would be hardcoded within the img src parameter. 
That way you don't have to worry about sessions at all.  The problem 
with this is you have the user/password just sitting there in plaintext 
in your browser history etc.

You could use a form to pass the user info which would hide the 
information from plain view but that would start to get ugly having to 
pass form vars every time you wanted to display one of my "protected" 
images in your web app.  I'd like to keep it as clean & straightforward 
as possible.

You could have the remote app authenticate against the local app after 
the user initially signed in on the remote app.  The problem I see here 
is that the 2 sessions could get out of sync and if one expires before 
the other it would essentially break all the image links.

I thought about cookies but I like to avoid them if possible.

There has got to be a better way to handle this...

Any ideas?

Dave Reynolds

