I want to be able to offer limited access to a DB to clients that are hosted on my server (only select clients NOT all).
I was thinking of offering them a set of functions, like an API, that they could utilize and use the recordset that is returned in the normal way. I could probably have a set of domain names that had access along with the server IP and verify that the call was coming from the correct domain name on the local server.
What do you think? Any better suggestions? Would the domain and IP of server be enough security?
I want to be able to offer the service without basically opening myself up to having it stolent by everybody.
All helpful suggestions or advice appreciate.