> The thing is now we have all these web services sitting out > there which a client can consume to modify data in our site. > This is an internal-only site so I am not TOO worried about > security, but I probably should. > > The thing is, when a client consumes the web service, how do > I know that client is authenticated to my site and not some > rouge program out there trying to screw with stuff? > > Should authentication information be sent with every call? > Can I authenticate to a web service and "remember" it.
In general, you can secure web services in the same way that you secure any other HTTP requests: by requiring some sort of authentication token, and ensuring that this token is returned with every subsequent web service request. > Also, I want to keep these web services generic enough so > they don't have to just be called by Ajax. We have a Java > team in our company and I would much rather they change the > status of a record through the business layer of a web > service and the CFC behind it than for them to simply connect > to the database and start changing values independently of > the "application" knowing about it. There's no reason why you can't do that. You would have to change your public/private methods in your components to remote, and ensure that they're web-accessible. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! This email has been processed by SmoothZap - www.smoothwall.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276328 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
