RE: Integrated Web Server Authentication -- MIDRANGE-L

Subject: RE: Integrated Web Server Authentication
From: "Coyle, Stephen F." <SCoyle@xxxxxxxxxxxxx>
Date: Mon, 6 Jul 2009 10:12:03 -0400
List-archive: <http://archive.midrange.com/midrange-l>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

The service itself returns data from our purchasing module. The fear is
that someone discovers the service is available and accesses it without
authority. The request parameters are easily identified to figure out
what's needed. I was hoping there was some way to configure the server
that would make the user id visible to the web service without relying
on any kind of client mechanism. I don't have any experience with the
admin side of either the http or the app server so I was wondering what
others have done who may have gone down this road.

Thanks...
- Steve

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.