I know it's supposedly a simple concept, but I've never wrapped my head around the benefit of HTTP Auth. How would I use that with my url? Is HTTP Auth just a way to send user/pass? What's the benefit if I'm already using SSL?
Just trying to understand. On Thu, Jul 25, 2013 at 2:50 PM, Alan Williamson <[email protected]> wrote: > yup nearly ... the only thing i would do is not send in the > username/password as a URL param, instead use HTTP Basic Auth or some other > encoding mechanism, for example Amazon uses encryption key to do the > encoding over the wire to sign the request. > > > > > On 25/07/2013 15:26, Jason Allen wrote: > >> Using OpenBD to power Android apps. >> >> I'm wanting to build an Android app, and I'm trying to figure out the >> best way to allow the app access to OpenBD. >> >> I have OpenBD running on CentOS 6.4 >> >> I have CFC's created that can return the data as JSON structures if >> requested. I use the CFC's in AJAX/JSON requests. >> >> I'm going to create a very basic API, which is essentially a developerID >> (for the developer) and appID+appKey that will be used to authenticate >> external apps (basically giving the app it's own userID/password). While I >> don't have any 3rd parties creating apps, I feel this method will give a >> reasonable path forward to giving a 3rd party access in the future. I >> would essentially write each CFC to use the developerID+AppKey+AppID as >> additional arguments, and much like a password, the data would need to be >> correct in order to return a result. >> >> Any interally built apps would get developerID of 1, and then each app >> built would get it's own ID/Key. >> >> To my understanding, to make this data available to an app, I just need >> to allow for remote calls to the .CFC (from non-domain source), setup https >> (for secure transactions), and configure the cfc call to return data in >> JSON format. >> >> As an example, here's an HTTPS url calling a login function via cfc. If >> successful, it returns Success=1 and creates a session. If it fails, >> returns Success=0. In theory, I believe I should be able to code the app so >> that send this url using the data provided by the user, and interprets the >> returned JSON code accordingly. >> >> https://company.com/cfc/login.**cfc?method=login&userID=#** >> userID#&password=#password#&**appID=#appID#&appkey#appKey#<https://company.com/cfc/login.cfc?method=login&userID=#userID%23&password=%23password%23&appID=%23appID%23&appkey%23appKey%23> >> >> Am I on the right track? Before I start dealing with an android >> developer (or trying it on my own), I want to lock down how I'm going to >> handle remote requests from external apps. >> > > -- > -- > online documentation: http://openbd.org/manual/ > http://groups.google.com/**group/openbd?hl=en<http://groups.google.com/group/openbd?hl=en> > > --- You received this message because you are subscribed to the Google > Groups "Open BlueDragon" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > openbd+unsubscribe@**googlegroups.com<openbd%[email protected]> > . > For more options, visit > https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> > . > > > -- -- online documentation: http://openbd.org/manual/ http://groups.google.com/group/openbd?hl=en --- You received this message because you are subscribed to the Google Groups "Open BlueDragon" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
