[Vtigercrm-developers] SOAP services

[Mike Fedyk]

Lee Valentine wrote:
> Hi,
>
> To implement authentication into SOAP services, the servers can be placed in a director such as soap/ and place
> htaccess authentication in the directory.  The soap client provides a function to authenticate:
>
>   $client = new soapclient( 'http://server.com/crm/soap/server.php', ... );
>   $client->setCredentials('username', 'password');
>
> .htaccess:
> AuthName "SOAP"
> AuthType Basic
> AuthUserFile /path/to/.htpasswd
> Require valid-user
>
> Another method to use would be to place the code below at the top of the soap server and place the
> username/password in variables in the config.  This method has prerequisites:
>
> "The $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE global variables are only available when PHP is installed as a
> module. If you're using the CGI version of PHP, you will be limited to Web server-based authentication or other custom
> types of authentication (such as using HTML forms) to match passwords in a database."
I really don't want vtiger to authenticate against the web server, or a 
htpasswd file.  We should authenticate SOAP against the vtiger users 
stored in the vtiger database, though this may be an interim solution.  
Can you ready a patch that takes care of the first option?  It's better 
than what we have now..

Also I don't want to do anything that causes vtiger to depend on 
mod_php.  I will have my test server running php over fastcgi via suexec 
soon in my development environment as this seems to be the only sane way 
to securely run a php web server.

Mike