I have been trying to figure out the best way to tackle this: I am trying to set up a web app which is essentially an information broker that provides chunks of data to other web apps. To make things simple for this discussion, let's say I am extracting images from my DB and then passing them on to another web app which is outside of my control. Assume CFMX7 on the local site and some unknown WDDX-capable setup on the remote site.
Using WDDX to transfer the data between the sites, I've got it working right now, but the part I am stuck on is authentication. How do I ensure that only specific people/sites can access these WDDX packets (images)? Presumably the user is authenticated on the remote web app, but my app has no knowledge of this session; I am outside of the scope of the remote application.

The most obvious way I can think of would be to just pass the username and password through the URL whenever you call for the image on the remote site. They would be hardcoded within the img src parameter. That way you don't have to worry about sessions at all. The problem with this is you have the user/password just sitting there in plaintext in your browser history etc.

You could use a form to pass the user info, which would hide the information from plain view, but that would start to get ugly having to pass form vars every time you wanted to display one of my "protected" images in your web app. I'd like to keep it as clean & straightforward as possible.

You could have the remote app authenticate against the local app after the user initially signed in on the remote app. The problem I see here is that the 2 sessions could get out of sync, and if one expires before the other it would essentially break all the image links.

I thought about cookies, but I like to avoid them if possible. There has got to be a better way to handle this...

Any ideas?

Dave Reynolds

