It's a little rough, but I made a SecureXMLRPCServlet class that deals with authentication, as well as using hashing to secure the password in transmition -- which is most of security I'd care about, since I don't deal in much that would warrant much more. Except those damn credit cards.
But, anyway, I was saying: it *should* be fairly secure in the transmition of a password, but if anyone wants to give it a look with regards to that, I'm curious what I might have missed. It lacks support for situations where passwords on the server side are stored in a hashed form. The companion client module (securexmlrpc) looks pretty much like xmlrpclib, except Server can take an extra username/password argument to its __init__ -- but it should also be backward compatible. I have tested it only very, very lightly. But I am going out of town tomorrow, so I thought I'd put it out there. http://www.colorstudy.net/software/webware/XMLRPC/ -- Ian Bicking Colorstudy Web Design [EMAIL PROTECTED] http://www.colorstudy.com 4769 N Talman Ave, Chicago, IL 60625 / (773) 275-7241 _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
