Yes, run your requests over SSL.

You really should be doing this anyway if you are using a username and
password token, since I believe the default behaviour for the password
token is just to base64 encode it.  If you don't run over SSL, it
would be trivial to sniff your username and passwords.

Regards,
-Mark

On 3/1/07, Anonamo <[EMAIL PROTECTED]> wrote:
Hi,

I am using XFire web services to transfer lots of data to a client side
application.  I currently use an authentication token with username and
password to make sure no one but our users can use this application.  What
I'm wondering is if there is a way to prevent our users from accessing the
web services from outside of our application.  It would be pretty easy to
look at the outgoing SOAP requests to figure out how to manually create one
and then abuse our web services.  We don't really want these services to be
available in that way.  Is there some common way to do this?  Any ideas
would be great.  Thanks,

anomamo



