Chad Sollis wrote:
Greetings,
I am building a webservice that I would like to require authentication to
access. What would be a best practice (and perhaps a light how-to) on
secure authentication, preferably using a token/shared key.
Unfortunately, the client consuming the webservice will likely not have a
lot of flexibility on generating anything dynamic to pass along with the
request. Is this even possible, if the parameters are static on their side?
It sounds like you will know your client/user base. If that is a
controlled environment, a simple ip lockdown, in conjunction with ssl,
should be good for what you are doing. Doing it that way makes it
seamless to the user as well, wich is always nice.
Just my initial thought.
-jim
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
