I crypt all parameters which send to Web Service. On the server's side I decrypt it, execute and return result to client. I use free class from UT library...

Generealy speaking - you can read advices - they are in the documentation for SOAP 3.0. I like resume here - "Web Services not a secure technology" :)

Good luck!


>Hi all,
>i am just beginning to write some xml web services in vfp8 and on a basic level can get this to work. but now as i go into more of the design and prototyping stage the issue of handling security has raised its head.
>the idea of building the web servers are thus:
>- enable easier integration with other software with the xml interface.
>- enable the software to be distributed as a standalone system, client server, or a fully distributed web application.
>
>my issue is, with every transaction to the database (insert, delete, update) do i pass the username and password with the request to ensure they are able to process the transaction? or do i create an initialisation routine in the creation of the web services class that checks the user as they try to create the object? or, do i let soap handle it (might be a problem for standalone not using it i suppose.
>
>any help would be greatly appreciated. thanks,
>Jordan