Last post Nov 27, 2012 01:51 PM by BrockAllen
Nov 25, 2012 10:24 AM
Assuming that I have two systems (A & B) that I need to integrate with each other using web services, system A offers web services that retrieve different types of documents (images, Word doc, PDF, Excel, AutoCAD, etc.), so I am thinking of implementing the following:
System B will send a request containing a username and password to system A asking for the one-time 64-char password.
System A will send a time-synchronized (based on current date & time) one-time password or token containing 64 characters to system B.
System B will call system A web services using the 64-character password.
System A will check if the 64-char password is valid.
System A will respond to system B's request.
System A will remove the 64-char password from the valid passwords (so in case system B or another system calls system A web services using the previously generated 64-char password, the call will fail).
System A will generate a new 64-char password and send it to system B when needed.
System B calls system A web service using the new 64-char password.
So my question: will this approach be secure, bearing in mind that I will implement the communication between the two systems to be under HTTPS, or can I implement a more reliable approach?
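The issue, check and remove cycle described in the post above, sketched as an added example that is not part of the original thread. It assumes a random token from a CSPRNG rather than one derived from the date and time, a 60-second lifetime and an in-memory store; the class, method and account names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 60  # assumed lifetime; the post does not give one


class OneTimeTokenService:
    """System A's side: issue 64-char single-use tokens and redeem each once."""

    def __init__(self, credentials, clock=time.monotonic):
        # credentials: {username: (salt, pbkdf2_hash)}, System A's own user store
        self._credentials = credentials
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def issue(self, username, password):
        """Token request: check the credentials, return a fresh token or None."""
        # Unknown users still cost one hash, so timing does not reveal valid names.
        salt, stored = self._credentials.get(username, (b"\0" * 16, b"\0" * 32))
        supplied = self.hash_password(password, salt)
        if username not in self._credentials or not hmac.compare_digest(supplied, stored):
            return None
        token = secrets.token_hex(32)  # 32 random bytes -> 64 hex characters
        # Only a digest is kept, so a dump of the store yields no usable tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Service call: accept a token once and only before expiry."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop removes it on first use
        if entry is None:
            return None  # never issued, or already used
        username, expires_at = entry
        return username if self._clock() <= expires_at else None


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample account for the demo
    users = {"systemB": (salt, OneTimeTokenService.hash_password("demo-password", salt))}
    service = OneTimeTokenService(users)
    token = service.issue("systemB", "demo-password")
    print(len(token), service.redeem(token), service.redeem(token))
```

Because `redeem` removes the entry before checking expiry, a replayed or expired token fails the same way as one that was never issued.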
Nov 25, 2012 03:07 PM
Why don't you just send the username/password on each request (over SSL)?
Nov 26, 2012 07:43 AM
Thanks for the reply, but I cannot guarantee that the password will be the same on the two systems as each system will have its own username source, but I can guarantee that the username itself is the same. and to get some flexibility
Nov 26, 2012 02:13 PM
Nov 27, 2012 06:23 AM
Nov 27, 2012 01:51 PM
So for the service-to-service communication, using a password-based scheme makes sense.