Re: Re: SOAP::Lite and mod

BINGO. Worked like a charm testing locally, will test again tomorrow in the dev environment.

In this particular case, the client is going to provide us with a list of possible ip's they'll be connecting to the service with, and we'll be able to associate at least a list of ip's with the user account. agreed, it's not a perfect solution, but it's the one i've been charged with implementing. i'd be delighted, however, to hear an alternative approach i can sell to the powers that be?

Thanks again muchly for the tip, feels good to be unstuck.

c

Comment on Re: Re: SOAP::Lite and mod_perl

Replies are listed 'Best First'.
Re: Re: Re: SOAP::Lite and mod_perl by samtregar (Abbot) on Apr 29, 2003 at 07:56 UTC
You might mention to the powers that be that relying on IPs for authentication is a really bad idea. Spoofing IPs is something crackers do all day long. Is there some reason the usual cookie-based username/password login won't work for you? I implemented a SOAP system for Bricolage which supports a login call and uses standard HTTP cookies for authentication. Put it over SSL and I bet it would be pretty hard to break. -sam	[reply]

Replies are listed 'Best First'.

Re: Re: Re: SOAP::Lite and mod_perl
by samtregar (Abbot) on Apr 29, 2003 at 07:56 UTC

Is there some reason the usual cookie-based username/password login won't work for you? I implemented a SOAP system for Bricolage which supports a login call and uses standard HTTP cookies for authentication. Put it over SSL and I bet it would be pretty hard to break.

-sam

[reply]