I crypt all parameters which send to Web Service. On the server's side I decrypt it, execute and return result to client. I use free class from UT library...
Generealy speaking - you can read advices - they are in the documentation for SOAP 3.0. I like resume here - "Web Services not a secure technology" :)
Good luck!
>Hi all,
>i am just beginning to write some xml web services in vfp8 and on a basic level can get this to work. but now as i go into more of the design and prototyping stage the issue of handling security has raised its head.
>the idea of building the web servers are thus:
>- enable easier integration with other software with the xml interface.
>- enable the software to be distributed as a standalone system, client server, or a fully distributed web application.
>
>my issue is, with every transaction to the database (insert, delete, update) do i pass the username and password with the request to ensure they are able to process the transaction? or do i create an initialisation routine in the creation of the web services class that checks the user as they try to create the object? or, do i let soap handle it (might be a problem for standalone not using it i suppose.
>
>any help would be greatly appreciated. thanks,
>Jordan
Previous
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only