RE: Password protect a webservice
Any one? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ From: Mark W. Breneman [mailto:[EMAIL PROTECTED] Sent: Monday, August 02, 2004 4:33 PM To: CF-Talk Subject: Password protect a webservice Is there a standard way to secure a web service? I have a client that wants to download user data through a web service. I know that we can use SSL to secure the transfer but is there a way to password protect the web serice. Oh, and the client plans on accessing this data from MS access. I need to make sure that access can deal with what ever security I use. Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Password protect a webservice
You could require a username/password combo to be passed to the webservice for each transaction. I've no idea if this is standard, but it's certainly doable. --Ben Mark W. Breneman wrote: > Any one? > > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > > _ > > From: Mark W. Breneman [mailto:[EMAIL PROTECTED] > Sent: Monday, August 02, 2004 4:33 PM > To: CF-Talk > Subject: Password protect a webservice > > Is there a standard way to secure a web service? I have a client that wants > to download user data through a web service. I know that we can use SSL to > secure the transfer but is there a way to password protect the web serice. > > Oh, and the client plans on accessing this data from MS access. I need to > make sure that access can deal with what ever security I use. > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > _ > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Password protect a webservice
Mark W. Breneman wrote: > Any one? Webservices work over HTTP, so you can use the authentication mechanisms build into that. I would presume that anything that can download over HTTP can at least do Basic Authentication. Jochem [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Password protect a webservice
Mark, I haven't dived into it too deeply yet, but there is the "roles" attribute of cffunction. This is specifically for securing webservices, and though I haven't looked at it thoroughly yet I would imagine that it is tied into roles set through cflogin... Cutter Mark W. Breneman wrote: > Any one? > > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > > _ > > From: Mark W. Breneman [mailto:[EMAIL PROTECTED] > Sent: Monday, August 02, 2004 4:33 PM > To: CF-Talk > Subject: Password protect a webservice > > Is there a standard way to secure a web service? I have a client that wants > to download user data through a web service. I know that we can use SSL to > secure the transfer but is there a way to password protect the web serice. > > Oh, and the client plans on accessing this data from MS access. I need to > make sure that access can deal with what ever security I use. > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > _ > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Password protect a webservice
Just a FYI for everyone. Looks like passing a user name and password to the webservice using https://bob:[EMAIL PROTECTED]/getdata.cfc using folder / file security on the webserver does work with Office XP Web Services Toolkit 2.0. The only question I have is how does IE latest security "fix" work with this? It is my understanding that IE will no longer correctly deal with the user/pass in the URL. Cumulative Security Update for Internet Explorer (832894)", which disables the user:pass@ way of authentication. Does this also apply to Microsoft Office XP Web Services Toolkit 2.0 in this case MS access or the VB editor in access? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ From: Cutter (CF-Talk) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 9:58 AM To: CF-Talk Subject: Re: Password protect a webservice Mark, I haven't dived into it too deeply yet, but there is the "roles" attribute of cffunction. This is specifically for securing webservices, and though I haven't looked at it thoroughly yet I would imagine that it is tied into roles set through cflogin... Cutter Mark W. Breneman wrote: > Any one? > > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > > _ > > From: Mark W. Breneman [mailto:[EMAIL PROTECTED] > Sent: Monday, August 02, 2004 4:33 PM > To: CF-Talk > Subject: Password protect a webservice > > Is there a standard way to secure a web service? I have a client that wants > to download user data through a web service. I know that we can use SSL to > secure the transfer but is there a way to password protect the web serice. > > Oh, and the client plans on accessing this data from MS access. I need to > make sure that access can deal with what ever security I use. > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > _ > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Password protect a webservice
That was my understanding as well is that it wouldn't work in IE. I'm curious what the username/password attributes in cfinvoke check against. Anyone know? John -Original Message- From: Mark W. Breneman [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 1:18 PM To: CF-Talk Subject: RE: Password protect a webservice Just a FYI for everyone. Looks like passing a user name and password to the webservice using https://bob:[EMAIL PROTECTED]/getdata.cfc using folder / file security on the webserver does work with Office XP Web Services Toolkit 2.0. The only question I have is how does IE latest security "fix" work with this? It is my understanding that IE will no longer correctly deal with the user/pass in the URL. Cumulative Security Update for Internet Explorer (832894)", which disables the user:pass@ way of authentication. Does this also apply to Microsoft Office XP Web Services Toolkit 2.0 in this case MS access or the VB editor in access? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ From: Cutter (CF-Talk) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 9:58 AM To: CF-Talk Subject: Re: Password protect a webservice Mark, I haven't dived into it too deeply yet, but there is the "roles" attribute of cffunction. This is specifically for securing webservices, and though I haven't looked at it thoroughly yet I would imagine that it is tied into roles set through cflogin... Cutter Mark W. Breneman wrote: > Any one? > > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > > _ > > From: Mark W. Breneman [mailto:[EMAIL PROTECTED] > Sent: Monday, August 02, 2004 4:33 PM > To: CF-Talk > Subject: Password protect a webservice > > Is there a standard way to secure a web service? I have a client that wants > to download user data through a web service. I know that we can use SSL to > secure the transfer but is there a way to password protect the web serice. > > Oh, and the client plans on accessing this data from MS access. I need to > make sure that access can deal with what ever security I use. > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > _ > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Password protect a webservice
After a little testing it looks like the Office XP Web Services Toolkit can still use the username / password in the URL line even after I applied all of the IE patches. Wonder if Office XP Web Services Toolkit has the same security issues the IE has. Not that it will be an issue for this application. https://bob:[EMAIL PROTECTED]/getdata.cfc?wsdl Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ From: Burns, John D [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 1:35 PM To: CF-Talk Subject: RE: Password protect a webservice That was my understanding as well is that it wouldn't work in IE. I'm curious what the username/password attributes in cfinvoke check against. Anyone know? John -Original Message- From: Mark W. Breneman [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 1:18 PM To: CF-Talk Subject: RE: Password protect a webservice Just a FYI for everyone. Looks like passing a user name and password to the webservice using https://bob:[EMAIL PROTECTED]/getdata.cfc using folder / file security on the webserver does work with Office XP Web Services Toolkit 2.0. The only question I have is how does IE latest security "fix" work with this? It is my understanding that IE will no longer correctly deal with the user/pass in the URL. Cumulative Security Update for Internet Explorer (832894)", which disables the user:pass@ way of authentication. Does this also apply to Microsoft Office XP Web Services Toolkit 2.0 in this case MS access or the VB editor in access? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ From: Cutter (CF-Talk) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 9:58 AM To: CF-Talk Subject: Re: Password protect a webservice Mark, I haven't dived into it too deeply yet, but there is the "roles" attribute of cffunction. This is specifically for securing webservices, and though I haven't looked at it thoroughly yet I would imagine that it is tied into roles set through cflogin... Cutter Mark W. Breneman wrote: > Any one? > > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > > _ > > From: Mark W. Breneman [mailto:[EMAIL PROTECTED] > Sent: Monday, August 02, 2004 4:33 PM > To: CF-Talk > Subject: Password protect a webservice > > Is there a standard way to secure a web service? I have a client that wants > to download user data through a web service. I know that we can use SSL to > secure the transfer but is there a way to password protect the web serice. > > Oh, and the client plans on accessing this data from MS access. I need to > make sure that access can deal with what ever security I use. > > Mark W. Breneman > -Cold Fusion Developer > -Network Administrator > Vivid Media > [EMAIL PROTECTED] > www.vividmedia.com > 608.270.9770 > _ > _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
