'RE: xml-rpc authentication and encryption'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    RE: xml-rpc authentication and encryption
From:       "Danny Angus" <danny () apache ! org>
Date:       2004-02-15 16:46:16
Message-ID: HKEFKPNPJLANNFPFMDKJCENEKOAA.danny () apache ! org
[Download RAW message or body]

We've used HTTP AUTH sucessfully over https (using tomcat) for xmlrpc tomcat handles the server AUTH and this xmlrpc library handles the client bit. You don't need to go outside of Apache for anything :-)

d.

> -----Original Message-----
> From: Tino Wildenhain [mailto:tino@wildenhain.de]
> Sent: 13 February 2004 07:53
> To: xmlrpc-user@ws.apache.org
> Subject: Re: xml-rpc authentication and encryption
> 
> 
> Hi Igor,
> 
> Igor Lev wrote:
> > Hi Everyone,
> > I've been trying to go through the mail archives and generally google
> > this topic but I haven't been able to find any definite answers. 
> > 
> > Basically my question is regarding authentication and encryption for
> > xml-rpc. I had a lightweight method to authorize users and encrypt
> > traffic in mind, something simple, with a shared secret(password), and a
> > handshake procedure to exchange a session id for further encryption of
> > the transfers. This would probably require a modification the http
> > server in order to encrypt/decrypt the xml payload before its parsed,
> > since I don't want the actual method calls flying around in plaintext.
> > It seems like such a natural question that I was wondering whether
> > anything like this has been discused before and I just couldn't find it
> > in the archives(most likely), or is SSL the only "good" way to go for
> > xml-rpc authentication and encryption. 
> > 
> > Any info would be greatly appreciated.
> 
> xml-rpc relys just on the HTTP-layer for authentication and encryption.
> Even compression fits into that model. With apache, mod_gzip and
> mod_ssl are your friend for example. Other frameworks had this built
> in. I remember someone built HTTP-auth directly into the Java
> libs for xmlrpc; this should be in the archives. If not it should
> be simple to patch in.
> 
> Regards
> Tino Wildenhain
> 
> 



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic