So we have been running with Gonda's AjaxCFC and putting some sweet redesigned front ends to our Companies intranet site which allow the users to enter data, and modify statuses etc without reloading the page. All is good.
The thing is now we have all these web services sitting out there which a client can consume to modify data in our site. This is an internal-only site so I am not TOO worried about security, but I probably should. The thing is, when a client consumes the web service, how do I know that client is authenticated to my site and not some rouge program out there trying to screw with stuff? Should authentication information be sent with every call? Can I authenticate to a web service and "remember" it. I'm not sure how to approach this so I want to see what everyone else does. Also, I want to keep these web services generic enough so they don't have to just be called by Ajax. We have a Java team in our company and I would much rather they change the status of a record through the business layer of a web service and the CFC behind it than for them to simply connect to the database and start changing values independently of the "application" knowing about it. Thoughts? ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276318 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
