My thoughts as well.  As far as I can tell here are my options:

    I look at the CookieCrumbler last night, and wondered if I can use the
     BeforeTraversehook that it uses.  ZPublisher calls  request.processInputs() before
traversal right?  If thatis so then request should have the args from the XML-RPC 
message by the time
BeforeTraverse kicks in.  If the username,password pair is prefixed with
'zid' and 'zpw' orsome other recognizable prefix I think BeforeTraverse can pick out 
username,password from request.args and do the auth magic right?
    It may be possible to hijack the SecurityManager with a external
    method, but thisseems dangerous.  Any other ideas?

> I don't think basic auth is going to cut it.  The API wants username
> and password to be passed as arguments.  Probably need to hack a user
> folder implementation.
> ----- Original Message -----
> From: "Andy" <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]> Sent: Sunday, February 03, 2002 10:33 PM
> Subject: Re: [Zope] authenticating over XML-RPC to implement the
> Blogger API
> ZSyncer does user authentication over xmlrpc via
>, download it and take a look.
>> ----- Original Message -----
>> From: "Nathan Sain" <[EMAIL PROTECTED]>
>> Sent: Monday, February 04, 2002 9:19 AM
>> Subject: [Zope] authenticating over XML-RPC to implement the Blogger
>> API


Nathan Sain
Deer High School IT Dept.
P.O. Box 56
Deer, AR 72628

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to