On Mon, 2 Feb 2009 19:59:23 -0800 "C. Titus Brown" <[email protected]> wrote:
> If it's important to provide a non-HTTPS connection, we can run two > servers at once, in different threads. This does mean that each > served function needs to synchronize data access appropriately -- > which is going to be an issue in *any* threaded server. I thought about this and it seems we need to design a synchronisation mechanism before we even begin to consider adding write capabilities to the XML-RPC server. Any thoughts on the subject, Titus? Also, do you think a server should limit write operations to local/SQL storage, or should it be able to manipulate data it pulls from other servers as well? > XML-RPC as a protocol doesn't support authentication AFAIK, and it's > based on HTTP, which is stateless, so you can't simply authenticate > the connection. I dealt with this in one of my projects by simply > serving an auth cookie with any privileged function. That's the way this is normally done, I believe. By the way, would you be able to transplant your auth code from your other project into Pygr? > I guess I'm in favor of a conservative and boring approach which is to > add these things as we need them & only redesign if it causes problems > :) Fair enough. -- MS --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pygr-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pygr-dev?hl=en -~----------~----~----~----~------~----~------~--~---
