On 11/21/2010 7:23 PM, Henrik RÃtzou wrote:
Very simple
you have a price lookup
http://myspace/mysalesprogram.pgm?custno=12345&item=123456
returns
price:125.00
let retrun the service
http://myspace/mysalesprogram.pgm?custno=54321&item=123456
returns
proce: 45.00
is this smart ?
Whew. I thought you were going to tell me some weird thing that was
specific to REST programming that I didn't know. Really, this is
nothing new, Henrik. We've had to deal with this the exact same problem
with thin client applications for years now. This is the issue of
"authentication" vs. "authorization" which is why I asked about it in
the first place.
Authentication has mostly to do with the process of letting someone even
start your application (or access web pages, or a number of other
things). That usually happens via password challenge, and HTTPS
provides a secure layer to allow that to occur.
Once that's done, however, the session now needs to keep track of the
user credentials which are then used to authorize the session's access
to data (the "authorization" part of security). As Richard pointed out,
this can be done a number of ways (stateful sessions, cached
credentials, whatever). Then, as Mike outlined, our server would only
provide access to rows and columns that the user had access to.
I'm pretty comfortable that we can handle this sort of thing.
Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.