Archive of UserLand's first discussion group, started October 5, 1998.

Re: XML-RPC and Security

Author: Brent Simmons
Posted: 2/3/1999; 6:45:41 PM
Topic: XML-RPC and Security
Msg #: 2663 (In response to 2662)
Prev/Next: 2662 / 2664

Paul Nakada wrote:

Can someone outline, in high-level terms, how one might securely access and update data on a per-user basis when the data is exposed via XML-RPC?

Since you define the parameters that an XML-RPC handler accepts, you can define username and password parameters if you want. They can be encoded in any way you want, as long as the client knows how to encode them and the server knows how to decode them.

In addition, in Frontier we have a convention: you can include a #security script that runs before a handler is invoked, allowing you to disallow access based on HTTP username and password, IP address, or whatever other criteria are available.

So: while there's nothing in the spec about security, there's nothing to prevent you from implementing security however you want.

Reference:

Security for RPC2 describes Frontier's #security convention.
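
The pre-handler check described in the post above, sketched as an added example in Python's standard xmlrpc modules; it is not part of the original post and is not Frontier code. The names GuardedDispatcher, security, handle and call, the fault codes, and the sample users, notes and address range are all assumptions made for illustration, and the transport layer is assumed to pass in the client IP and HTTP credentials.

```python
import hashlib, hmac, ipaddress
from xmlrpc.client import Fault, dumps, loads
from xmlrpc.server import SimpleXMLRPCDispatcher

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (a single shared salt is used only for brevity).
SALT = b"constructed-salt"
USERS = {"paul": _hash("s3cret", SALT)}
NOTES = {"paul": ["buy milk"], "brent": ["ship build"]}
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/24")  # documentation range

class GuardedDispatcher(SimpleXMLRPCDispatcher):
    """Runs a security check before every handler (hypothetical class)."""

    def security(self, ctx):
        # Criteria named in the post: client IP, HTTP username and password.
        if ipaddress.ip_address(ctx["ip"]) not in ALLOWED_NET:
            raise Fault(403, "address not allowed")
        stored = USERS.get(ctx["user"])
        supplied = _hash(ctx["password"], SALT)
        # The hash is computed even for unknown users; compare in constant time.
        if stored is None or not hmac.compare_digest(stored, supplied):
            raise Fault(401, "bad credentials")

    def handle(self, xml, ip, user, password):
        ctx = {"ip": ip, "user": user, "password": password}
        def guarded(method, params):
            self.security(ctx)  # runs before the handler is invoked
            # The verified user is injected here, never taken from the params.
            return self._dispatch(method, (ctx["user"],) + tuple(params))
        return self._marshaled_dispatch(xml, guarded)

def get_notes(user):
    return NOTES[user]  # only the caller's own records

def add_note(user, text):
    NOTES[user].append(text)
    return len(NOTES[user])

server = GuardedDispatcher()
server.register_function(get_notes, "notes.get")
server.register_function(add_note, "notes.add")

def call(method, args, ip, user, password):
    """Marshal a request, pass it through the guard, unmarshal the reply."""
    reply = server.handle(dumps(args, method).encode(), ip, user, password)
    return loads(reply)[0][0]  # raises Fault if the guard refused
```

Because the handlers receive the user name from the guard rather than from the request parameters, a caller cannot name another user's records in the call.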



This page was archived on 6/13/2001; 4:47:44 PM.

© Copyright 1998-2001 UserLand Software, Inc.