My thoughts as well.  As far as I can tell here are my options:

    I look at the CookieCrumbler last night, and wondered if I can use the
     BeforeTraversehook that it uses.  ZPublisher calls  request.processInputs() before
traversal right?  If thatis so then request should have the args from the XML-RPC 
message by the time
BeforeTraverse kicks in.  If the username,password pair is prefixed with
'zid' and 'zpw' orsome other recognizable prefix I think BeforeTraverse can pick out 
the
username,password from request.args and do the auth magic right?
    It may be possible to hijack the SecurityManager with a external
    method, but thisseems dangerous.  Any other ideas?



> I don't think basic auth is going to cut it.  The API wants username
> and password to be passed as arguments.  Probably need to hack a user
> folder implementation.
>
> ----- Original Message -----
> From: "Andy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]> Sent: Sunday, February 03, 2002 10:33 PM
> Subject: Re: [Zope] authenticating over XML-RPC to implement the
> Blogger API
>
>
> ZSyncer does user authentication over xmlrpc via
> xmlrpclibBasicAuth.py, download it and take a look.
>
>> ----- Original Message -----
>> From: "Nathan Sain" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>> Sent: Monday, February 04, 2002 9:19 AM
>> Subject: [Zope] authenticating over XML-RPC to implement the Blogger
>> API
>>
>>

--

Nathan Sain
Deer High School IT Dept.
P.O. Box 56
Deer, AR 72628
(870)428-5433



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to