× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. May 2015

Re: IBM i authentication and RESTful web service design

Thanks for the feedback and clarifications. Credibility restored :-)

Actually I haven't used the XMLSERVICE with PHP or Ruby, but essentially what I did was put a layer above the CGI calls so the XMLSERVICE can easily be called from a .Net application via HTTP based function calls that are .Net friendly.

For safety sake though this or any API that accepts SQL should typically only be used by the web app itself internally and never exposed to the web. Also SSL is always a good thing as well to avoid wire sniffers.

I think that's where your concern about SQL injection is definitely valid.

I think it's good we all have different perspectives. As with anything there is always choice no matter how we want someone to do it our way.

Have a nice long holiday weekend. Freedom rules !!

Regards,

Richard Schoen | Director of Document Management Technologies, HelpSystems
T: + 1 952-486-6802
RJS Software Systems | A Division of HelpSystems
richard.schoen@xxxxxxxxxxxxxxx
www.rjssoftware.com
Visit me on: Twitter | LinkedIn

-----Original Message-----

------------------------------

message: 2
date: Wed, 20 May 2015 21:08:56 -0600
from: Nathan Andelin <nandelin@xxxxxxxxx>
subject: Re: [WEB400] IBM i authentication and RESTful web service
design

Richard,

I should apologize about using the term "SQL injection" so loosely. I know the term has a negative connotation. My point was that one wouldn't want to provide a "service" which enabled HTTP clients (SPAs, etc.) to send SQL statements to a server for execution. Wouldn't you agree?

Of course ASP.NET applications send SQL statements to servers all the time for execution, and there's nothing wrong with that. I couldn't help but note the irony ;-)

Seriously, no offense intended in regards to your XMLSERVICE .Net Wrapper.
I view XMLSERVICE as a valuable resource. I admit to not having looked at your .Net wrapper, but I have studied the PHP toolkit. Would it be a big mistake for me to assume that your .Net interface is similar?

I don't recall saying anything recently about war in Iraq, ground water contamination, or my general unhappiness. Is that your way of exaggerating and fabricating a position for me?
,
Your viewing me as huffing and puffing anytime I think about .Net is humorous. I admit to having issues with Microsoft products which I view as competitive threats against IBM i. But I mostly believe that organizations would be better served by migrating applications from Windows to IBM i.
Five years of professional experience dedicated to developing under Visual ... and deploying under Windows servers, should count for some credibility
;-)

What about 15 years experience developing hundreds of web applications under IBM i? No?

In regards to educational opportunities at Microsoft Ignite; sorry, my world does not revolve around Microsoft. But you already new that.
Hopefully that's okay on this list.




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.