Casey Duncan wrote:
On Tue, 08 Jun 2004 13:31:20 +0200 Ulrich Wisser <ulrich.wisser@relevanttraffic.se> wrote:
my web application uses cookie based authentication. Which works very well with CookieCrumbler.
Now I have been asked to implement some XML-RPC functions, which should use the same login information but use Basic Authentication.
CookieCrumbler just "fakes" basic auth anyhow. Basic auth will work as usual even with CookieCrumbler in play. Using the xmlrpclib with a recent Python you can just do::
import xmlrpclib zope = xmlrpclib.Server('http://user:password@zopeserver') zope.some.object.method()
Is there no more secure way to make an XML-RPC call than this? I'd like to tunnel over HTTPS, but placing the password in the request URL like this exposes it insecurely. What's the safest way to do this? -- - David A. Riggs <riggs at csee dot wvu dot edu>