-adam
> -----Original Message-----
> From: Barney Boisvert [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 22, 2004 08:17 PM
> To: 'CF-Talk'
> Subject: RE: Web Services
>
> Web services are only as stateless as the protocol (HTTP) makes them.
>
> We've used an authentication token, much like a cookie, with great success.
> We also have fairly expensive authentication/authorization operations which
> are greatly streamlined by caching, so it was of great benefit to
> authenticate as few times as possible.
>
> A slightly different point of note is that all web service invocations on
> CFCs happen "statically". In other words, all your web service invocations
> initialaze a brand new CFC instance for each request, call a method on the
> instnace, and then it gets thrown away, never to be used again.
>
> Cheers,
> barneyb
>
> > -----Original Message-----
> > From: Marlon Moyer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 22, 2004 12:27 PM
> > To: CF-Talk
> > Subject: Web Services
> >
> > I'm trying to experiment with web services and I've already
> > run into my
> > first conundrum. It seems that the basic principle of web services
> > dictates a stateless design. So how do you maintain security in your
> > services. Say you have a time sheet program and the flow
> > goes something
> > like this:
> >
> >
> >
> > 1.enter site.
> >
> > 2.log into system
> >
> > 3.enter new time into system
> >
> > 4.review old records.
> >
> > 5.edit previous entry
> >
> >
> >
> > Does this mean that for steps 2 through 5 you'll be sending the
> > user/password combo so that each call can be authenticated? I've
> > thought that maybe step 2 could return a connection id that you could
> > sub for the user/password combo.....
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> >
> > Marlon Moyer, Sr. Internet Developer
> >
> > American Contractors Insurance Group
> >
> > phone: 972.687.9445
> >
> > fax: 972.687.0607
> >
> > mailto:[EMAIL PROTECTED]
> >
> > www.acig.com
> >
> >
> >
> >
> >
> >
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
