>>> All service where auth="true" take at least three IN (or INOUT) parameters >>> by deffault 1) login.username 2) login.password and 3) loginUser. >>> >>> No. 1 and 2 definitely make sense. However 3 might be a security threat (or >>> my understanding is wrong). Any user (calling service remotely) can pass >>> loginUser GV (which he some how got hold of, may be by invoking getRelated >>> sort of method on some other GV) which might not belong to her.
Sent from my iPhone On Jul 1, 2010, at 1:42, David E Jones <[email protected]> wrote: >>>> All service where auth="true" take at least three IN (or INOUT) parameters >>>> by deffault 1) login.username 2) login.password and 3) loginUser. >>>> >>>> No. 1 and 2 definitely make sense. However 3 might be a security threat (or >>>> my understanding is wrong). Any user (calling service remotely) can pass >>>> loginUser GV (which he some how got hold of, may be by invoking getRelated >>>> sort of method on some other GV) which might not belong to her.
