A web service can return any text you want it to (or binary w/DIME, but
we won't go there). It's not going to return a "result set" in the SQL
sense of the term, but there's no reason it couldn't return a list of
records. The rows could be a full-on XML representation:
etc. It's up to you to represent the data in a way that can be consumed
by your customers.
As for security. There are several main schools of thought, and each one
has its merits and uses.
1) Don't secure it. Possibly acceptable in an internal network where you
tightly control both ends.
2) Add a web service to "login" to your system. That service takes a
secret (username/password) and returns a session id. Then every other
service takes the session id (usually as the first parm) and validates
it. Throwing if it's not valid.
3) Perform the same "session" management using cookies, or a similar
construct. This depends more on your deployment infrastructure.
4) Pass the shared secret (username/password) on each call. Then you
don't need to worry about sessions, you just validate the secret each
time.
There are also approaches using client-side certificates, but I've found
those to be more trouble then their worth.
-Walden
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.