Hello rollers, just to close this and give a feedback, if someone else needs it:
We are now using Rollers MetaWeblog API and enforce SSL on our users. The archive this we made the following steps: * Our Tomcat servers work behind apache servers which do the SSL stuff. We configured the apacher servers to enforce SSL requests going to '/<blogbase>/roller-services/xmlrpc' * In the roller webapp we changed file 'WEB-INF/velocity/templates/weblog/rsd.vm' to make it offer SSL links. This is hard coded and not using on roller properties. * We tested access with Microsoft Live Writer which works fine. -Henning On Fri, Mar 13, 2009 at 10:53 PM, Henning Brune <henning.br...@googlemail.com> wrote: > Hello Dave, > > thank you for your help. > >> I believe the Sun (blogs.sun.com) folks made a change so that the >> password stored in Roller is known as the "weblog client password" -- >> which is not a bad idea. After all, do you really want folks passing >> their real CAS password around via XML-RPC? But they never contributed >> this back to Roller. > > does this mean you would suggest not to use MetaWeblog/XML-RPC at all? > But what else can I offer our users now? > > Our blog server already enforces SSL for the protected areas so it is > possible to make the MetaWeblog/XML-RPC communication secure. The only > thing I would have to fix are the non-SSL links offered by the > autodiscovery rsd file. > > -Henning > -- Dipl.-Inform. Henning Brune http://ekvv.uni-bielefeld.de/pers_publ/publ/PersonDetail.jsp?personId=10185 Universität Bielefeld Projekt BIS Postfach 10 01 31 D-33501 Bielefeld Die neue Homepage des BIS Projektes: http://www.uni-bielefeld.de/bis/
