Re: [flexcoders] Enterprise use of web services

[Tom Chiverton]

On Monday 03 Dec 2007, Joe Gamache wrote:
 services require a User to be authenticated first, what is the best
 practice?

Run over TLS, and send the username and password, getting back a token.
All other methods take that token and validate it (not too old, from the same 
IP it was issued too etc.).

-- 
Tom Chiverton
Helping to continuously seize sexy markets
on: http://thefalken.livejournal.com



Please note, as of 10th December 2007 the registered office address of 
Halliwells LLP will be at 3 Hardman Square, Spinningfields, Manchester, M3 3EB



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at St 
James's Court Brown Street Manchester M2 2JF.  A list of members is available 
for inspection at the registered office.  Any reference to a partner in 
relation to Halliwells LLP means a member of Halliwells LLP.  Regulated by The 
Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.


--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com 
Yahoo! Groups Links

* To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/

* Your email settings:
Individual Email | Traditional

* To change settings online go to:
http://groups.yahoo.com/group/flexcoders/join
(Yahoo! ID required)

* To change settings via email:
mailto:[EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED]

* To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]

* Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
 

[flexcoders] Enterprise use of web services

[Joe Gamache]

Hello,

I am new to the list and sorry if this is a repeat question!

I am wondering about the recommended 'best practice' on the use of web  
services in an enterprise Flex (2) application.  Looking around I  
found the Kiwi project which seems to suggest that (with proper use of  
Cairngorm) the View (mxml file) never needs to call a web service.   
Rather these should be delegated to the server side.  While that makes  
sense to me, I was wondering if this was now widely considered  
acceptable.

For our application, a very related question is how to handle  
Authentication.  Not how to 'do' authentication, but how securely  
manage it.  More directly related to the above web service discussion,  
so if I am only calling web services from the Server, but those web  
services require a User to be authenticated first, what is the best  
practice?

Thanks for any discussion or pointers to previous ones.