[xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xmlrpc
Brought to you by:
dopelogik
Menu
▾
▴
[xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xmlrpc
|
From: Isaac L. <is...@st...> - 2002-11-26 17:23:00
|
Hi Martin-
On Tuesday, November 26, 2002, at 10:46 AM, Martin Redington wrote:
>>
>> A little known feature of the URI spec allows username/password to be
>> specified as part of the URI:
>>
>> protocol://user:pas...@su...d:port/path
>>
>> e.g.
>>
>> http://username:pas...@ww...:8080/index.html
>>
>> This appears to be supported by flash and jakarta's xmlrpc
>> implementations.
>
> Actually, on further testing and experimentation, we're having trouble
> getting this to work. We're just looking to find out why ...
>
> login via an html page seems to work though ...
>
Ohhhhh. Cool, Thanks! That's another way I haven't thought of. When
you find out what the trouble is, I'd love to know... (do you think the
trouble is Flash, or Jakarta?)
I just tried this with a Zope, and it does seem to work just fine
(COOL).
I'm wondering if you feel that this would be a handy thing for us to
implement in the xmlrpcflash .as, as a method for supporting Basic Auth?
(i.e. make some sort of way to specify URI based HTTP auth by, say,
providing keywords in the xmlrpc object, and they'd get parsed into the
URL to make the URI, so:
---start imaginary hypothetical snippet----------------------
// in the flash app:
#include "xml-rpc.as"
objXMLRPC = new
XMLRPC("https://sub.domain.tld:port/",30,username:password);
// where the url for the xmlrpc server is specified,
// 30 is the timeout specified,
// and username:password will perform http basic auth- by letting
// the xmlrpc.as parse the actual URL it sends as:
// https://username:pas...@su...d:port/
---end snippet-----------------------------------------------
Q. Do you think this would make the actionscript easier for developers
to use, or would you think it would make it more complex/confusing?
--
One more question-
I'm assuming that the URI spec was itself implemented in the making of
the http spec, so, regardless,
Q. I am wondering if you know if there is something in the URI
specification to set the HTTP content-type header in a similar manner?
In the past, (and just now) I've tried doing this:
http://sub.domain.tld:port?Content-Type=text/xml
but no- go. It doesn't trigger the xmlrpc mechanism on my server
(Zope)- as it sets ContentType as form variables, not http header
variables.
(Now, It is possible to re-write the request mechanism of Zope to
handle the Post as xmlrpc based on an x-Content-Type http form
variable, but that gets messy- and doesn't necessarily solve the
problem in Flash- for other servers- so I've avoided this solution).
Anyhow, I'm sorry to ask so many questions of you here, (as you had
questions for us in the first place,) but on this end, I feel this
dialogue has become quite fruitful re. core auth details.
Best,
Isaac
Isaac Levy
+ Office of Structured Systems
http://structuredsystems.net
|
