hmm, yes, I was thinking about authentication at app level, but I think I'm going to have to rethink this and do need to look at user authentication level which would have to happen anyway.
cheers On 8/20/08, Terry Sasaki <[EMAIL PROTECTED]> wrote: > > > Is it possible somehow to issue a cookie beforehand (perhaps users > need to manually login first), and attach it to SOAP request header??? > > I'm doing the similar thing, but it's not JS. > > 2008/8/20 Taco Fleur <[EMAIL PROTECTED]>: > > Users would make a http request to our domain, they get the inital HTML > and > > JS on their machine, from there on out the requests will be made between > the > > client's browser and our web services which are on another domain. Once > the > > JS app is on the client-side we cannot check whether sub sequent requests > > are coming from our domain. > > > > On 8/20/08, Dale Fraser <[EMAIL PROTECTED]> wrote: > >> > >> Users running your app would be coming from your domain, a copy would be > >> coming from a different domain. > >> > >> > >> > >> So you need to ensure that you only allow requests to your webservices > >> from your domain. > >> > >> > >> > >> Regards > >> > >> Dale Fraser > >> > >> http://learncf.com > >> > >> http://flexcf.com > >> > >> > >> > >> > >> > >> From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On > >> Behalf Of Taco Fleur > >> Sent: Wednesday, 20 August 2008 8:52 AM > >> To: cfaussie@googlegroups.com > >> Subject: [cfaussie] [OT] Authentication with JavaScript/AJAX > >> > >> > >> > >> I was wondering if anyone has run into this before; we're creating a > >> client side app in JS (think of gmail), the problem being that I can't > >> immediately think of a way to authenticate the client without embedding > the > >> authentication details in the JS. > >> > >> > >> > >> In other words, when our JS app is loaded on the client side we want to > >> make sure it is our app thats talking to us, and not someone who has > copied > >> the code and is running all types of requests against our server. The > client > >> we are planning to create will consume web services provided by us. I > hope > >> this makes any sense. > >> > >> Cheers > >> -- > >> Try advertising on the new Australian Business Directory > >> www.clickfind.com.au > >> blog: http://australiansearchengine.wordpress.com/ > >> Web Designers > http://www.web-designers-australia.com > >> > >> > > > > > > > > -- > > Try advertising on the new Australian Business Directory > > www.clickfind.com.au > > blog: http://australiansearchengine.wordpress.com/ > > Web Designers > http://www.web-designers-australia.com > > > > > > > > > -- Try advertising on the new Australian Business Directory www.clickfind.com.au blog: http://australiansearchengine.wordpress.com/ Web Designers > http://www.web-designers-australia.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---