From: Ian B. <ia...@co...> - 2001-11-21 06:13:02
|
It's a little rough, but I made a SecureXMLRPCServlet class that deals with authentication, as well as using hashing to secure the password in transmition -- which is most of security I'd care about, since I don't deal in much that would warrant much more. Except those damn credit cards. But, anyway, I was saying: it *should* be fairly secure in the transmition of a password, but if anyone wants to give it a look with regards to that, I'm curious what I might have missed. It lacks support for situations where passwords on the server side are stored in a hashed form. The companion client module (securexmlrpc) looks pretty much like xmlrpclib, except Server can take an extra username/password argument to its __init__ -- but it should also be backward compatible. I have tested it only very, very lightly. But I am going out of town tomorrow, so I thought I'd put it out there. http://www.colorstudy.net/software/webware/XMLRPC/ -- Ian Bicking Colorstudy Web Design ia...@co... http://www.colorstudy.com 4769 N Talman Ave, Chicago, IL 60625 / (773) 275-7241 |