[Zope] Security + XMLRPC

gtk gtk@well.com
Wed, 13 Oct 1999 20:25:12 +1000


> I really like using XMLRPC but is the above simply a disaster
> waiting to happen ?  Would CORBA, HTTPS (ie using SSLeay), or SSH
> be better suited ? And is anyone already doing anything like this ?

You'd need to make sure that your web server was dealing with HTTPS for you
(I don't think Zope has the SSL code), and I don't think xmlrpclib groks
HTTPS yet, but once you solve those it should work transparently.

FWIW, all you need to do to stop people IP spoofing is to put a filter on
your router which says "if anything comes from the outside world but is
addressed as if it came from the inside, drop it". That's just basic
firewalling. You shouldn't need any VPN unless you want to dodge the overhead
of HTTPS.

XML-RPC security... you know, I can't see any reason why you couldn't adapt
any HTTP security scheme to work with XML-RPC.

Regards,
Garth.

--
<gtk@well.com>
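
Added example, not part of the original message and not Zope code: one way to layer an ordinary HTTP security scheme (here HTTP Basic authentication) on an XML-RPC endpoint, using Python's standard xmlrpc.server. The user name, password, port and the names credentials_ok, AuthXMLRPCHandler and make_server are assumptions made for the illustration, and the server is assumed to sit behind a front web server that terminates HTTPS, as the message suggests.

```python
import base64
import hmac
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer

# Constructed demo credentials (hypothetical); load real ones from a secret store.
USERS = {"rpcuser": "s3cret-demo"}


def credentials_ok(header):
    """Validate the value of an HTTP 'Authorization: Basic ...' header."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time comparison so response timing does not leak the password.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    return bool(sep) and expected is not None and ok


class AuthXMLRPCHandler(SimpleXMLRPCRequestHandler):
    """XML-RPC handler that demands HTTP Basic auth before dispatching a call."""

    def do_POST(self):
        if not credentials_ok(self.headers.get("Authorization")):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="xmlrpc"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        super().do_POST()


def make_server(port=8000):
    # Bind to loopback only: the HTTPS front end is the sole network-facing listener.
    server = SimpleXMLRPCServer(("127.0.0.1", port),
                                requestHandler=AuthXMLRPCHandler, logRequests=False)
    server.register_function(lambda a, b: a + b, "add")
    return server


if __name__ == "__main__":
    make_server().serve_forever()
```

On the client side, Python's xmlrpc.client accepts https:// URLs and sends the Basic header when the URL carries user:password@ before the host name.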