[Zope] Security + XMLRPC

Michel Pelletier michel@digicool.com
Tue, 12 Oct 1999 17:00:11 -0400


chas wrote:
> 
> b) Protocol. At the moment I've got a prototype running with XMLRPC
>    which was damned easy to create. However, there is no security
>    mechanism built into XMLRPC (or at not that I can see). So, all
>    data is transfered in the clear.

XMLRPC is based on http.  Authentication and Privacy issues for XMLRPC
are the same as HTTP.  So, you can set an Basic Auth header, use some
other method, and encrpyt with SSL etc...  Because XML-RPC subclasses
the http behavior, you would use it just like using http.

You can also tunnel it over ssh.

-Michel