ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tino Wildenhain <>
Subject Re: xml-rpc authentication and encryption
Date Fri, 13 Feb 2004 07:52:48 GMT
Hi Igor,

Igor Lev wrote:
> Hi Everyone,
> I've been trying to go through the mail archives and generally google
> this topic but I haven't been able to find any definite answers. 
> Basically my question is regarding authentication and encryption for
> xml-rpc. I had a lightweight method to authorize users and encrypt
> traffic in mind, something simple, with a shared secret(password), and a
> handshake procedure to exchange a session id for further encryption of
> the transfers. This would probably require a modification the http
> server in order to encrypt/decrypt the xml payload before its parsed,
> since I don't want the actual method calls flying around in plaintext.
> It seems like such a natural question that I was wondering whether
> anything like this has been discused before and I just couldn't find it
> in the archives(most likely), or is SSL the only "good" way to go for
> xml-rpc authentication and encryption. 
> Any info would be greatly appreciated.

xml-rpc relys just on the HTTP-layer for authentication and encryption.
Even compression fits into that model. With apache, mod_gzip and
mod_ssl are your friend for example. Other frameworks had this built
in. I remember someone built HTTP-auth directly into the Java
libs for xmlrpc; this should be in the archives. If not it should
be simple to patch in.

Tino Wildenhain

View raw message