9 Jun
2004
9 Jun
'04
7:09 p.m.
David A. Riggs wrote at 2004-6-8 18:33 -0400:
...
zope = xmlrpclib.Server('http://user:password@zopeserver') zope.some.object.method()
Is there no more secure way to make an XML-RPC call than this? I'd like to tunnel over HTTPS, but placing the password in the request URL like this exposes it insecurely. What's the safest way to do this?
When you use HTTPS, then the complete request is encrypted, including the URL. It might be possible that the server log file includes the user/password info. Check whether this is the case. If not, this method is as secure as others. -- Dieter