Thanks Sean. I can set up my web service to only accept calls from port 81, this should mean that users of the web service will need to us reference my web service by using https://. This combined with a username / password should be secure enough.
Brian Knott > -----Original Message----- > From: Sean Corfield [SMTP:[EMAIL PROTECTED] > Sent: Friday, 18 June 2004 8:21 > To: CFAussie Mailing List > Subject: [cfaussie] Re: Secure XML > > On Fri, 18 Jun 2004 08:02:47 +1000, KNOTT, Brian > <[EMAIL PROTECTED]> wrote: > > I looking at exposing a web service to another server on the internet. > My > > question is can I use SSL or some other security to secure the > > communications. I can put a username / password on the web service, but > > what else can I do. > > Yes to all of the above. A username / password, passed to every method > is a simple solution and you'd want to use SSL so the username / > password can't be sniffed. > > You could also use a login() method: clients need to login first with > a username / password and you hand them back a session id which they > then have to provide on all subsequent calls. Usually this is done via > SOAP headers. An example is the salesforce.com web service API. See my > blog for a link to a MM forum thread on this. > -- > Sean A Corfield -- http://www.corfield.org/blog/ > > "If you're not annoying somebody, you're not really alive." > -- Margaret Atwood > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Aussie Macromedia Developers: http://lists.daemon.com.au/ ----------------------------------------------------------------------------------- This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its related entities ("Suncorp"). Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 1800 689 762 or at suncorp.com.au. The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system. If this e-mail constitutes a commercial message of a type that you no longer wish to receive please reply to this e-mail by typing Unsubscribe in the subject line. --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
