Hi,
Can anyone tell me
whether I am right by making the following assumptions;
To make sure
the proper client is talking to our server over **HTTPS** with XML I can do the
following to authenticate them:
- validate their
remote IP (apparently can be spoofed??) to the one we have on
file
- work with public
keys
- have them include
a password in the XML packet (obviously this could be guessed by brute
force)
Can't think of
anything else, and I am assuming that the public key method would be the way to
go?
The scenario is: the
clients are posting XML and we are returning XML but want to make sure they are
subscribed to our services and are who they say they are.
Thanks for any
help
Angus
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cfaussie" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cfaussie
-~----------~----~----~----~------~----~------~--~---
