If you're purely in a CF environment, why not use CFLOGIN, Roles and SSL? The individual will have to authenticate, and his credentials will be passed with each request, but with SSL the request headers won't be readable.
As far as ensuring a particular set of credentials are in use by only one person at a time, there are ways to accomplish this by uniquely id'ing each client that's accessing your web services. You could store your unique id as a SharedObject and building server side logic to check for attempts to login by other client instances using those credentials. Jeff -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tom Chiverton Sent: Friday, April 25, 2008 11:05 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Best way to secure a ColdFusion web service On Friday 25 Apr 2008, valdhor wrote: > We don't use Flex to access our Web Services; We use PHP or Perl. To > stop unauthorized access we use a combination of SSL as well as > wssecurity Just to be clear, this doesn't 'stop' anyone writing their own client for your service. -- Tom Chiverton Helping to widespreadedly streamline intuitive markets on: http://thefalken.livejournal.com **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ------------------------------------ -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! Groups Links
