In your example you needed 1st to know the login/pwd couple. So I can't see the problem here.
Jacques From: "Muhammed Aamir" <[email protected]>
All service where auth="true" take at least three IN (or INOUT) parameters by deffault 1) login.username 2) login.password and 3) loginUser. No. 1 and 2 definitely make sense. However 3 might be a security threat (or my understanding is wrong). Any user (calling service remotely) can pass loginUser GV (which he some how got hold of, may be by invoking getRelated sort of method on some other GV) which might not belong to her.
Sent from my iPhone On Jul 1, 2010, at 1:42, David E Jones <[email protected]> wrote:
All service where auth="true" take at least three IN (or INOUT) parameters by deffault 1) login.username 2) login.password and 3) loginUser. No. 1 and 2 definitely make sense. However 3 might be a security threat (or my understanding is wrong). Any user (calling service remotely) can pass loginUser GV (which he some how got hold of, may be by invoking getRelated sort of method on some other GV) which might not belong to her.
