RE: [xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xm
Brought to you by:
dopelogik
Menu
▾
▴
RE: [xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xmlrpc
|
From: Danny A. <da...@ap...> - 2002-11-27 11:20:38
|
> Great- the more cross-posting, the merrier! (Are you in England as=20 > well?) Almost, 400 miles north of Martin in Scotland. > > The URL RFC defines a URL as=20 > > protocol://user:pas...@su...-leveldomain/path > > > > However the HTTP sub-spec of this RFC removes the username:password=20 > > from the spec for HTTP. > I was testing it in a browser earlier. argh... > I haven't tested it yet, but I'm assuming that seeing as there is no=20 > way to insert username/pass for basic http auth, that flash doesn't=20 > automatically put them there in the same way which browsers circumvent = > the HTTP RFC URL sub-spec change. But if flash is somehow using the browser to make the http requests = (which may explain why you can't manipulate headers) it may pass the = user:pass up to the browser, which *does* know how to use it. (fingers = x'ed) > Q- do you have any links to a good readable version of the http=20 > sub-spec of the URL RFC? Try some of the other formats on this page http://www.w3.org/Protocols/ > OK- back to sqare 1 here. > Danny, do you have any suggestions re. how else everyone can proceed=20 > here, strategies etc...? Not really, I don't know enough about flash to see how it's preparing = the http request. Some insight into SendAndLoad() might help, but not necessarily. An alternative may be to script the browser and make it do the work, but = I don't think that even if it were possible it would be a satisfactorily = robust solution. > (I'm assuming from your email address that you might know about=20 > http...<g>) A little, but I'm really more interested in email = (http://jakarta.apache.org/james) > For if not, I'd go back to suggesting everyone stick to doing some = sort=20 > of auth system based on the content of the xmlrpc message (like = Patrick=20 > suggested in the first place). > Right? >=20 > Thanks Danny, and everyone, for the Input here! >=20 > Best, > Isaac >=20 >=20 >=20 > Isaac Levy > + Office of Structured Systems > http://structuredsystems.net >=20 |
