[UPHPU] Token Authentication

[Jim Anderson]

Chad Sollis wrote:
> Greetings,
> I am building a webservice that I would like to require authentication to
> access.  What would be a best practice (and perhaps a light how-to) on
> secure authentication, preferably using a token/shared key.
>
> Unfortunately, the client consuming the webservice will likely not have a
> lot of flexibility on generating anything dynamic to pass along with the
> request.  Is this even possible, if the parameters are static on their side?
>   
It sounds like you will know your client/user base. If that is a 
controlled environment, a simple ip lockdown, in conjunction with ssl, 
should be good for what you are doing. Doing it that way makes it 
seamless to the user as well, wich is always nice.

Just my initial thought.

-jim