My thoughts as well. As far as I can tell here are my options: I look at the CookieCrumbler last night, and wondered if I can use the BeforeTraversehook that it uses. ZPublisher calls request.processInputs() before traversal right? If thatis so then request should have the args from the XML-RPC message by the time BeforeTraverse kicks in. If the username,password pair is prefixed with 'zid' and 'zpw' orsome other recognizable prefix I think BeforeTraverse can pick out the username,password from request.args and do the auth magic right? It may be possible to hijack the SecurityManager with a external method, but thisseems dangerous. Any other ideas?
> I don't think basic auth is going to cut it. The API wants username > and password to be passed as arguments. Probably need to hack a user > folder implementation. > > ----- Original Message ----- > From: "Andy" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> Sent: Sunday, February 03, 2002 10:33 PM > Subject: Re: [Zope] authenticating over XML-RPC to implement the > Blogger API > > > ZSyncer does user authentication over xmlrpc via > xmlrpclibBasicAuth.py, download it and take a look. > >> ----- Original Message ----- >> From: "Nathan Sain" <[EMAIL PROTECTED]> >> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >> Sent: Monday, February 04, 2002 9:19 AM >> Subject: [Zope] authenticating over XML-RPC to implement the Blogger >> API >> >> -- Nathan Sain Deer High School IT Dept. P.O. Box 56 Deer, AR 72628 (870)428-5433 _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )