Hello Dave, thank you for your help.
> I believe the Sun (blogs.sun.com) folks made a change so that the > password stored in Roller is known as the "weblog client password" -- > which is not a bad idea. After all, do you really want folks passing > their real CAS password around via XML-RPC? But they never contributed > this back to Roller. does this mean you would suggest not to use MetaWeblog/XML-RPC at all? But what else can I offer our users now? Our blog server already enforces SSL for the protected areas so it is possible to make the MetaWeblog/XML-RPC communication secure. The only thing I would have to fix are the non-SSL links offered by the autodiscovery rsd file. -Henning
