Re: [xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xm
Brought to you by:
dopelogik
Menu
▾
▴
Re: [xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xmlrpc
|
From: Isaac L. <is...@st...> - 2002-11-26 23:27:34
|
Hello Danny, On Tuesday, November 26, 2002, at 01:26 PM, Danny Angus wrote: > I'm working with Martin (In case you wondered where I came from!) Great- the more cross-posting, the merrier! (Are you in England as well?) > >> One more question- >> I'm assuming that the URI spec was itself implemented in the making >> of >> the http spec, so, regardless, >> Q. I am wondering if you know if there is something in the URI >> specification to set the HTTP content-type header in a similar manner? > > The URL RFC defines a URL as > protocol://user:pas...@su...p-leveldomain/path > > However the HTTP sub-spec of this RFC removes the username:password > from the spec for HTTP. > > What this means in practice is that you are allowed to define a URL > with user/pass but the http client must convert it into http request > Headers per the HTTP AUTH rfc. > Sorry.. /* ike winces and gnashes teeth */ I was testing it in a browser earlier. argh... I haven't tested it yet, but I'm assuming that seeing as there is no way to insert username/pass for basic http auth, that flash doesn't automatically put them there in the same way which browsers circumvent the HTTP RFC URL sub-spec change. These are some really esoteric annoyances, eh? Q- do you have any links to a good readable version of the http sub-spec of the URL RFC? > >> In the past, (and just now) I've tried doing this: >> http://sub.domain.tld:port?Content-Type=text/xml >> but no- go. > > It won't work, unless the client can xlate them, the user:pass is a > special case that can be used by clients instead of a login dialog. OK- back to sqare 1 here. Danny, do you have any suggestions re. how else everyone can proceed here, strategies etc...? (I'm assuming from your email address that you might know about http...<g>) For if not, I'd go back to suggesting everyone stick to doing some sort of auth system based on the content of the xmlrpc message (like Patrick suggested in the first place). Right? Thanks Danny, and everyone, for the Input here! Best, Isaac Isaac Levy + Office of Structured Systems http://structuredsystems.net |
