[Vtigercrm-developers] SOAP services

Joao Oliveira joaopcoliveira at gmail.com
Wed Mar 22 04:06:56 PST 2006


Hello Mike.

Thanks for the answer.

I'm doing some searching to evaluate how hard it is to implement a session
mechanism in SOAP services in PHP.

I'll post my results.

In the meantime, if someone has suggestions, please do post them.

And about my suggestion regarding $_SERVER[], forget it. I thought that it
was possible to define there some custom server global variables, but it
isn't.

Best Regards
João Oliveira

On 3/22/06, Mike Fedyk <mfedyk at mikefedyk.com> wrote:
>
> How hard is it to do the authentication code?  If it can't be done
> quickly then let's create a variable that turns soap off when (so
> upgrades will disable soap even if the new variable is not in config.php).
>
> Joao Oliveira wrote:
> > Hello all,
> >
> > I've been looking at vtiger SOAP (version 4.2.x and 5 alpha), and I've
> > realized that there is an authentication mechanism for them, but it
> > only returns true or false...
> >
> > Once that you guys have been doing a great effort in order to improve
> > security, but I think that all security is possible to bypass by
> > accessing by SOAP Services. Am I wrong?
> >
> > for example...
> >
> > method DeleteTasks($username,$crmid) in vtigerolservice.php
> >
> > If I'm a stranger, I still can do something like DeleteTasks('admin',
> > 1); without any kind of authentication ...
> >
> > IMHO, it should be used any kind of token authentication and saved in
> > $_SERVER[] variable, or authenticate a user with username/password
> > each time one method is called.
> >
> > Best Regards
> > João Oliveira.
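The token approach suggested in the thread, sketched as an added example that is not part of the original messages and is not vtiger's code: the caller logs in once, receives a random token, and every later call resolves the acting user from that token instead of trusting a username argument. It assumes PHP 8, hypothetical class and method names, and an in-memory session and task store (a real SOAP endpoint would persist both between requests).

```php
<?php
// Added example; class and method names are hypothetical, not vtiger's code.
final class TokenGuardedTasks
{
    private const TTL = 900; // token lifetime in seconds (assumed value)
    private array $sessions = []; // sha256(token) => ['user' => ..., 'expires' => ...]
    // $hashes: username => password_hash() output; $tasks: crmid => owner
    public function __construct(private array $hashes, private array $tasks) {}
    // Exchange credentials for a random, short-lived token.
    public function login(string $user, string $password): string
    {
        if (!isset($this->hashes[$user]) || !password_verify($password, $this->hashes[$user])) {
            throw new RuntimeException('authentication failed');
        }
        $token = bin2hex(random_bytes(32));
        // Keep only a digest so a leaked session table yields no usable tokens.
        $this->sessions[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + self::TTL];
        return $token;
    }
    // The acting user is derived from the token, never taken from the caller.
    public function deleteTask(string $token, int $crmid): bool
    {
        $user = $this->userFor($token);
        if (($this->tasks[$crmid] ?? null) !== $user) {
            throw new RuntimeException('not permitted');
        }
        unset($this->tasks[$crmid]);
        return true;
    }
    // Reject unknown and expired tokens; expired entries are dropped.
    private function userFor(string $token): string
    {
        $key = hash('sha256', $token);
        $s = $this->sessions[$key] ?? null;
        if ($s === null || $s['expires'] < time()) {
            unset($this->sessions[$key]);
            throw new RuntimeException('invalid or expired token');
        }
        return $s['user'];
    }
}
// Constructed sample data: one user, one task owned by that user.
$svc = new TokenGuardedTasks(['admin' => password_hash('sample-pw', PASSWORD_DEFAULT)], [1 => 'admin']);
foreach (['guessed-token', $svc->login('admin', 'sample-pw')] as $t) {
    try {
        $svc->deleteTask($t, 1);
        echo "deleted\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```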