Information générale
Catégorie:
The Mere Mortals .NET Framework
>Pretty simple, IMHO. ;)
So, your web service authentication is that a GUID is passed in as a paramter, and it that GUID is in your login table or such, then they are considered ok.
Just playing DA here... What if a "rouge" programmer was able to log into your system... then they would have the GUID to pass to your web services?
I assume you require SSL to access your web services so these GUID's can't be sniffed?
Also, you don't use an encrypted authentication ticket or anything?
BOb
Précédent
Suivant
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement