[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Consume https web service with userid and password.

Thanks Mike, checking out the links..

SoapUI, after interrogating the wsdl, generated the request that included a nonce,
and I just pasted/pieced into rpg source, and it worked.

"(but it might take reading it more than once)" .. heh heh heh - yep.


-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mike Krebs
Sent: Friday, April 18, 2014 11:24 AM
To: HTTPAPI and FTPAPI Projects
Subject: RE: Consume https web service with userid and password.

I don't think the Nonce is an encrypted password. Nonces are usually used as part of a "conversation" to hold a value that helps ensure only that conversation (the login) is valid and when ended, it is no longer valid.

The wiki on cryptographic_nonce has a diagram that shows how it usually works and the description of it is pretty good (but it might take reading it more than once). 

That said, I am surprised you could just fill in the Nonce and get it to work.

The authentication documents that describe the general process that web service is using are here:

From a quick read in the security one, implementations are flexible and open to interpretation.

This is the FTPAPI mailing list.  To unsubscribe, please go to: