On 4/10/06, Angus Johnson <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> Can anyone tell me whether I am right by making the following assumptions;
>
> To make sure the proper client is talking to our server over **HTTPS** with
> XML I can do the following to authenticate them:
> - validate their remote IP (apparently can be spoofed??) to the one we have
> on file
> - work with public keys

This would work well. You could even get your user to set up a persistent port forward using a public key and then call your XML page on their local port (say) 1234 and have that port forwarded into your server via your port 22. And have the website on a separate Apache instance only listening on a certain port to local users. We do that for some secure web services. Would be hard to set up if you have many users, though.

> - have them include a password in the XML packet (obviously this could be
> guessed by brute force)

Well, you could block a user for x mins if they get their password wrong x times.

HTH

Gav
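An added example, not part of the thread above: a sketch of the two server-side checks discussed, matching the remote IP against the one on file and blocking a client for a while after repeated wrong passwords. The class name, client record, thresholds and addresses are assumptions made up for illustration.

```python
import hmac
import time

MAX_FAILURES = 3        # assumed value for "x times"
LOCKOUT_SECONDS = 300   # assumed value for "x mins"

# Constructed sample record. A real system would keep a password hash, not the password.
CLIENTS = {"acme": {"ip": "203.0.113.10", "password": "s3cret-constructed"}}


class ClientGate:
    """Hypothetical gate run before the XML request body is processed."""

    def __init__(self, clients, clock=time.monotonic):
        self.clients = clients
        self.clock = clock          # injectable so the lockout can be tested
        self.failures = {}          # client_id -> consecutive wrong passwords
        self.locked_until = {}      # client_id -> clock value when the block ends

    def check(self, client_id, remote_ip, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        record = self.clients.get(client_id)
        # Wrong source IP is refused without counting as a failure, so a
        # stranger guessing from elsewhere cannot lock the real client out.
        if record is None or remote_ip != record["ip"]:
            return "denied"
        # While blocked, even the correct password is refused.
        if now < self.locked_until.get(client_id, 0):
            return "locked"
        # Constant-time comparison avoids leaking how much of a guess matched.
        if hmac.compare_digest(password.encode(), record["password"].encode()):
            self.failures.pop(client_id, None)
            return "ok"
        count = self.failures.get(client_id, 0) + 1
        self.failures[client_id] = count
        if count >= MAX_FAILURES:
            self.locked_until[client_id] = now + LOCKOUT_SECONDS
            self.failures[client_id] = 0
        return "denied"
```

With these values a guesser gets at most three tries per five minutes per client, which is what turns brute force from feasible into impractical.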