On Mon, Jul 23, 2012 at 10:42 AM, Jason King <[email protected]> wrote:
> I'm assuming I basically need to create some kind of API key that
> would be passed along with the rest of the arguments, and the CFC
> would only run if the API key matches the userID?
>

Right -- if you search on how to secure REST resources (language doesn't matter here) you'll find reams of stuff. If a login is required they can pass a known, semi-permanent token or other creds as part of the request, or if it's a one-time operation and you only WANT people to be able to use a token once or for a limited time, the process is similar but you'd look into using a nonce and negotiating things slightly differently.

And don't forget since this is just HTTP you can secure this in the web server using anything available at that level as well.

--
Matthew Woodward
[email protected]
http://blog.mattwoodward.com
identi.ca / Twitter: @mpwoodward

Please do not send me proprietary file formats such as Word, PowerPoint, etc. as attachments.
http://www.gnu.org/philosophy/no-word-attachments.html

--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
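The two options in the reply above (a reusable token tied to the userID, or a one-time, time-limited token carrying a nonce), as an added example that is not part of the original thread. It is written in Python rather than CFML; `issue_token`, `verify_token`, `SERVER_KEY` and the in-memory nonce store are hypothetical names and assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed demo secret; held server-side only
_seen_nonces = {}                     # nonce -> expiry; assumption: one process, in memory


def _sign(user_id, expires, nonce):
    # The MAC covers every field, so changing userID, expiry or nonce invalidates it.
    msg = f"{user_id}|{expires}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(user_id, ttl=300, one_time=False, now=None):
    """Return 'userID|expires|nonce|mac'. An empty nonce means reusable until expiry."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    now = time.time() if now is None else now
    expires = int(now) + ttl
    nonce = secrets.token_hex(16) if one_time else ""
    return f"{user_id}|{expires}|{nonce}|{_sign(user_id, expires, nonce)}"


def verify_token(token, claimed_user_id, now=None):
    """True only if the token is authentic, unexpired, bound to the caller, and unused."""
    now = time.time() if now is None else now
    parts = token.split("|")
    if len(parts) != 4:
        return False
    user_id, expires, nonce, mac = parts
    expected = _sign(user_id, expires, nonce)
    # Constant-time comparison on bytes; run before trusting any field.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if user_id != claimed_user_id or now > int(expires):
        return False
    if nonce:
        if nonce in _seen_nonces:   # replay of a one-time token
            return False
        _seen_nonces[nonce] = int(expires)
    return True
```

A multi-server deployment would keep the nonce store in shared storage and purge entries once their expiry has passed.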
