Secure Webservice?

Question

I'm trying to create a secure webservice (that provides simple database data) with PHP that can be connected to through my Silverlight application. I don't know enough about PHP to be able to see another way to do this.

The webservice should only be accessible through the client, and only with the proper username/password.

The only two ways I can imagine to do this would be by passing the username/password hash via URL, or use a "hidden form" and do it via POST_.

I'm just trying to get past this point, I'm the sole developer on this project and I'm just trying to get past this PHP webservice part so I can get back to being an application programmer :)

Normally, I would learn PHP, but I'm on the clock, so I'm just looking for a point in the right direction on how to achieve this!

Answer 1

You put your service behind SSL, and send the username password in the clear.

You should use POST as the url may be cached along the way, showing your credentials.

You can use either json, xml or a query string (simple form post) to pass parameters.

That's it!

Answer 2

Just use SSL and HTTP basic authentication, headers are encrypted so they won't see your username/password this way.