[Zope] Re: Cookie and Basic authentication

David A. Riggs spam_riggs at csee.wvu.edu
Tue Jun 8 18:33:47 EDT 2004


Casey Duncan wrote:
> On Tue, 08 Jun 2004 13:31:20 +0200
> Ulrich Wisser <ulrich.wisser at relevanttraffic.se> wrote:
>>my web application uses cookie based authentication. Which works very 
>>well with CookieCrumbler.
>>
>>Now I have been asked to implement some XML-RPC functions, which
>>should use the same login information but use Basic Authentication.
> 
> CookieCrumbler just "fakes" basic auth anyhow. Basic auth will work as
> usual even with CookieCrumbler in play. Using the xmlrpclib with a
> recent Python you can just do::
> 
>   import xmlrpclib
>   zope = xmlrpclib.Server('http://user:password@zopeserver')
>   zope.some.object.method()
> 


Is there no more secure way to make an XML-RPC call than this? I'd
like to tunnel over HTTPS, but placing the password in the request
URL like this exposes it insecurely. What's the safest way to do
this?


-- 
- David A. Riggs <riggs at csee dot wvu dot edu>
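
One way to do what the question asks, as an added example that is not part of the original thread: a Python 3 `xmlrpc.client` transport (the module the quoted code imports as `xmlrpclib`) that sends the Basic credentials as an `Authorization` header over certificate-verified HTTPS, so the password never sits in the URL string. The names `basic_auth_header`, `BasicAuthTransport` and `connect`, and the host `zopeserver.example`, are assumptions made for this example.

```python
import base64
import ssl
import urllib.parse
import xmlrpc.client  # Python 3 name of the xmlrpclib module quoted above


def basic_auth_header(user, password):
    """Build the Basic Authorization header (RFC 7617) as a (name, value) pair."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return ("Authorization", "Basic " + token.decode("ascii"))


class BasicAuthTransport(xmlrpc.client.SafeTransport):
    """HTTPS transport that adds the credentials as a header on every request."""

    def __init__(self, user, password, context=None):
        # create_default_context() verifies the server certificate and host name.
        super().__init__(context=context or ssl.create_default_context())
        self._auth = basic_auth_header(user, password)

    def send_headers(self, connection, headers):
        # Append the Authorization header to the ones xmlrpc.client already sends.
        super().send_headers(connection, list(headers) + [self._auth])


def connect(url, user, password):
    """Return a ServerProxy for an https:// URL that carries no credentials."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        # Basic auth is only base64-encoded, so it needs TLS underneath.
        raise ValueError("refusing to send Basic credentials without https://")
    if parts.username is not None or parts.password is not None:
        # Credentials in the URL end up in repr(), logs and tracebacks.
        raise ValueError("keep credentials out of the URL")
    transport = BasicAuthTransport(user, password)
    return xmlrpc.client.ServerProxy(url, transport=transport)


# Usage (placeholder host; read the password from a prompt or secret store
# instead of hard-coding it):
#   import getpass
#   zope = connect("https://zopeserver.example/", "user", getpass.getpass())
#   zope.some.object.method()
```

Constructing the proxy opens no connection; the header is attached when a method is called.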



