Web services are only as stateless as the protocol (HTTP) makes them.  

We've used an authentication token, much like a cookie, with great success.
We also have fairly expensive authentication/authorization operations which
are greatly streamlined by caching, so it was of great benefit to
authenticate as few times as possible.

A slightly different point of note is that all web service invocations on
CFCs happen "statically".  In other words, all your web service invocations
initialize a brand new CFC instance for each request, call a method on the
instance, and then it gets thrown away, never to be used again.

Cheers,
barneyb

> -----Original Message-----
> From: Marlon Moyer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 22, 2004 12:27 PM
> To: CF-Talk
> Subject: Web Services
>
> I'm trying to experiment with web services and I've already run into my
> first conundrum.  It seems that the basic principle of web services
> dictates a stateless design.  So how do you maintain security in your
> services?  Say you have a time sheet program and the flow goes something
> like this:
>
> 1. enter site.
> 2. log into system
> 3. enter new time into system
> 4. review old records.
> 5. edit previous entry
>
> Does this mean that for steps 2 through 5 you'll be sending the
> user/password combo so that each call can be authenticated?  I've
> thought that maybe step 2 could return a connection id that you could
> sub for the user/password combo.....
>
> --
> Marlon Moyer, Sr. Internet Developer
> American Contractors Insurance Group
> phone: 972.687.9445
> fax: 972.687.0607
> mailto:[EMAIL PROTECTED]
> www.acig.com
>
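
The token approach discussed in this thread, as an added example that is not part of the original messages and is written in Python rather than ColdFusion. The service name, user table, TTL and salt are assumptions made for illustration; the service object is created fresh per call, so all session state lives in a shared store outside the instance.

```python
import hashlib, hmac, secrets, time

_SALT = b"constructed-salt"      # constructed sample value, not a real secret
def _slow_hash(password):        # stands in for the expensive credential check
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"marlon": _slow_hash("correct horse")}   # constructed sample account
TOKEN_TTL = 900                  # seconds a token stays valid (assumed policy)
SESSIONS = {}                    # sha256(token) -> (user, expiry), shared by all requests
STATS = {"slow_checks": 0}       # how often the expensive path ran

def _key(token):
    # Keep only a digest so a leaked session table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class TimesheetService:
    """Instantiated once per call and then discarded, so it holds no state."""

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        STATS["slow_checks"] += 1
        expected = USERS.get(user)
        supplied = _slow_hash(password)          # hash even for unknown users
        if expected is None or not hmac.compare_digest(expected, supplied):
            return None
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
        SESSIONS[_key(token)] = (user, now + TOKEN_TTL)
        return token

    def _user_for(self, token, now=None):
        now = time.time() if now is None else now
        entry = SESSIONS.get(_key(token or ""))
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            SESSIONS.pop(_key(token), None)      # expired: caller must log in again
            return None
        return user

    def add_time(self, token, hours, now=None):
        user = self._user_for(token, now)
        if user is None:
            raise PermissionError("invalid or expired token")
        return f"{user}: logged {hours}h"

    def logout(self, token):
        SESSIONS.pop(_key(token or ""), None)
```

The token is a bearer credential, so it needs the same transport protection (TLS) as the password it replaces.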