Hi, when using HTTP authentication on every request the user and password are sent in the HTTP protocol in the section "credentials", I think this is wrong way, for to use HTTP authentication protocol I use HTTP + SSL (HTTPS) and if I want use HTTP the best way is to use a token something like http://localhost:8069/try?auth=TOKEN,
so the example:
s = xmlrpclib.ServerProxy ('http://localhost:8069/try')
user_token = s.common.db.login(USER, PASSWORD)
s = xmlrpclib.ServerProxy ('http://localhost:8069/try/user_token')
etc...
or If you use HTTPS, the proposal cedrik is OK.
etc.
This is my proposal.
Bye.
> Hi,
>
> I propose to change the authentication mechanism used in XML-RPC protocols.
> Currently, it requires to call "login" function to retreive a user id and a
> sesssion and pass this parameters at each function call.
> My suggestion is to use the standard authentication of HTTP (first the Basic)
> so the username and password will be passed in the header (like for WebDAV).
>
> So the example in http://code.google.com/p/tryton/wiki/RemoteCalls will
> become:
>
> s = xmlrpclib.ServerProxy ('http://user:passw...@localhost:8069/try')
>
> --
> Cédric Krier
>
> B2CK SPRL
> Rue de Rotterdam, 4
> 4000 Liège
> Belgium
> Tel: +32 472 54 46 59
> Email/Jabber: [email protected]
> Website: http://www.b2ck.com/
signature.asc
Description: Digital signature
