My thoughts as well. As far as I can tell here are my options:
I look at the CookieCrumbler last night, and wondered if I can use the
BeforeTraversehook that it uses. ZPublisher calls request.processInputs() before
traversal right? If thatis so then request should have the args from the XML-RPC
message by the time
BeforeTraverse kicks in. If the username,password pair is prefixed with
'zid' and 'zpw' orsome other recognizable prefix I think BeforeTraverse can pick out
username,password from request.args and do the auth magic right?
It may be possible to hijack the SecurityManager with a external
method, but thisseems dangerous. Any other ideas?
> I don't think basic auth is going to cut it. The API wants username
> and password to be passed as arguments. Probably need to hack a user
> folder implementation.
> ----- Original Message -----
> From: "Andy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]> Sent: Sunday, February 03, 2002 10:33 PM
> Subject: Re: [Zope] authenticating over XML-RPC to implement the
> Blogger API
> ZSyncer does user authentication over xmlrpc via
> xmlrpclibBasicAuth.py, download it and take a look.
>> ----- Original Message -----
>> From: "Nathan Sain" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>> Sent: Monday, February 04, 2002 9:19 AM
>> Subject: [Zope] authenticating over XML-RPC to implement the Blogger
Deer High School IT Dept.
P.O. Box 56
Deer, AR 72628
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -