I really like using XMLRPC but is the above simply a disaster waiting to happen ? Would CORBA, HTTPS (ie using SSLeay), or SSH be better suited ? And is anyone already doing anything like this ?
You'd need to make sure that your web server was dealing with HTTPS for you (I don't think Zope has the SSL code), and I don't think xmlrpclib groks HTTPS yet, but once you solve those it should work transparently. FWIW, all you need to do to stop people IP spoofing is to put a filter on your router which says "if anything comes from the outside world but is addressed as if it came from the inside, drop it". That's just basic firewalling. You should't need any VPN unless you want to dodge the overhead of HTTPS. XML-RPC security... you know, I can't see any reason why you couldn't adapt any HTTP security scheme to work with XML-RPC. Regards, Garth. -- <gtk@well.com>