RE: [xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xmlrpc

[Danny A. <da...@ap...>]

> Great- the more cross-posting, the merrier!  (Are you in England as=20
> well?)

Almost, 400 miles north of Martin in Scotland.


> > The URL RFC defines a URL as=20
> > protocol://user:pas...@su...p-leveldomain/path
> >
> > However the HTTP sub-spec of this RFC removes the username:password=20
> > from the spec for HTTP.


> I was testing it in a browser earlier.  argh...
> I haven't tested it yet, but I'm assuming that seeing as there is no=20
> way to insert username/pass for basic http auth, that flash doesn't=20
> automatically put them there in the same way which browsers circumvent =

> the HTTP RFC URL sub-spec change.

But if flash is somehow using the browser to make the http requests =
(which may explain why you can't manipulate headers) it may pass the =
user:pass up to the browser, which *does* know how to use it. (fingers =
x'ed)


> Q- do you have any links to a good readable version of the http=20
> sub-spec of the URL RFC?

Try some of the other formats on this page http://www.w3.org/Protocols/

> OK- back to sqare 1 here.
> Danny, do you have any suggestions re. how else everyone can proceed=20
> here, strategies etc...?

Not really, I don't know enough about flash to see how it's preparing =
the http request.
Some insight into SendAndLoad() might help, but not necessarily.

An alternative may be to script the browser and make it do the work, but =
I don't think that even if it were possible it would be a satisfactorily =
robust solution.

> (I'm assuming from your email address that you might know about=20
> http...<g>)

A little, but I'm really more interested in email =
(http://jakarta.apache.org/james)


> For if not, I'd go back to suggesting everyone stick to doing some =
sort=20
> of auth system based on the content of the xmlrpc message (like =
Patrick=20
> suggested in the first place).
> Right?
>=20
> Thanks Danny, and everyone, for the Input here!
>=20
> Best,
> Isaac
>=20
>=20
>=20
>    Isaac Levy
> + Office of Structured Systems
>    http://structuredsystems.net
>=20