Hi all,
i am just beginning to write some xml web services in vfp8 and on a basic level can get this to work. but now as i go into more of the design and prototyping stage the issue of handling security has raised its head.
the idea of building the web servers are thus:
- enable easier integration with other software with the xml interface.
- enable the software to be distributed as a standalone system, client server, or a fully distributed web application.

my issue is, with every transaction to the database (insert, delete, update) do i pass the username and password with the request to ensure they are able to process the transaction? or do i create an initialisation routine in the creation of the web services class that checks the user as they try to create the object? or, do i let soap handle it (might be a problem for standalone not using it i suppose.

any help would be greatly appreciated. thanks,
Jordan