thanks for your help, and thanks for rays link on ajax security we will have to read around this some more.
thanks again richard >Richard, > >We recently implemented a few webservices for our parent company. When >doing these I took a multi-tier approach: > >1) folder of service requires authentication (web server) >2) Application in folder required the request be made over SSL >3) Application took authentication credentials from server auth, and >also verified against: > a) List of authorized users > b) DB check of authentication to system > This applied a role to the authenticated user, for which certain >services required specific roles for access as well. > >This is how we've handled this particular access. A lot of the data >being returned from the service is also encrypted, providing another >layer of security. > >Using Ajax for these services, you may also want to review this article >from Ray Camden, >http://www.coldfusionjedi.com/index.cfm/2007/7/31/ColdFusion-8-Ajax-Security-Features. > >Steve "Cutter" Blades >Adobe Certified Professional >Advanced Macromedia ColdFusion MX 7 Developer >_____________________________ >http://blog.cutterscrossing.com > >Richard White wrote: >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313343 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4