[Zope] Re: Cookie and Basic authentication
Dieter Maurer
dieter at handshake.de
Wed Jun 9 15:09:07 EDT 2004
David A. Riggs wrote at 2004-6-8 18:33 -0400:
> ...
>> zope = xmlrpclib.Server('http://user:password@zopeserver')
>> zope.some.object.method()
>>
>
>
>Is there no more secure way to make an XML-RPC call than this? I'd
>like to tunnel over HTTPS, but placing the password in the request
>URL like this exposes it insecurely. What's the safest way to do
>this?
When you use HTTPS, then the complete request is encrypted, including
the URL. It might be possible that the server log file includes the
user/password info. Check whether this is the case. If not,
this method is as secure as others.
--
Dieter
More information about the Zope
mailing list