RE: Password protect a webservice

Tue, 03 Aug 2004 11:40:39 -0700

That was my understanding as well is that it wouldn't work in IE.  I'm
curious what the username/password attributes in cfinvoke check against.
Anyone know?

John

-----Original Message-----
From: Mark W. Breneman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 03, 2004 1:18 PM
To: CF-Talk
Subject: RE: Password protect a webservice

Just a FYI for everyone. Looks like passing a user name and password to
the webservice using  <https://bob:[EMAIL PROTECTED]>
https://bob:[EMAIL PROTECTED]/getdata.cfc using folder / file security
on the webserver does work with Office XP Web Services Toolkit 2.0.

The only question I have is how does IE latest security "fix" work with
this?  It is my understanding that IE will no longer correctly deal with
the user/pass in the URL.  Cumulative Security Update for Internet
Explorer (832894)", which disables the user:pass@ way of authentication.
Does this
also apply to   Microsoft Office XP Web Services Toolkit 2.0 in this
case MS
access or the VB editor in access?

Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
  Vivid Media
  [EMAIL PROTECTED]
  www.vividmedia.com <http://www.vividmedia.com/>
  608.270.9770

  _____  

From: Cutter (CF-Talk) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 03, 2004 9:58 AM
To: CF-Talk
Subject: Re: Password protect a webservice

Mark,

I haven't dived into it too deeply yet, but there is the "roles"
attribute of cffunction. This is specifically for securing webservices,
and though I haven't looked at it thoroughly yet I would imagine that it

is tied into roles set through cflogin...

Cutter

Mark W. Breneman wrote:
> Any one?
>
>
> Mark W. Breneman
> -Cold Fusion Developer
> -Network Administrator
>   Vivid Media
>   [EMAIL PROTECTED]
>   www.vividmedia.com <http://www.vividmedia.com/>
>   608.270.9770
>
>   _____  
>
> From: Mark W. Breneman [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 02, 2004 4:33 PM
> To: CF-Talk
> Subject: Password protect a webservice
>
> Is there a standard way to secure a web service? I have a client that
wants
> to download user data through a web service. I know that we can use
SSL to
> secure the transfer but is there a way to password protect the web
serice.
>
> Oh, and the client plans on accessing this data from MS access. I need
to
> make sure that access can deal with what ever security I use.
>
> Mark W. Breneman
> -Cold Fusion Developer
> -Network Administrator
>   Vivid Media
>   [EMAIL PROTECTED]
>   www.vividmedia.com <http://www.vividmedia.com/>
>   608.270.9770
>   _____
>
  _____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]

Reply via email to