[Zope] Re: Cookie and Basic authentication

Dieter Maurer dieter at handshake.de
Wed Jun 9 15:09:07 EDT 2004


David A. Riggs wrote at 2004-6-8 18:33 -0400:
> ...
>>   zope = xmlrpclib.Server('http://user:password@zopeserver')
>>   zope.some.object.method()
>> 
>
>
>Is there no more secure way to make an XML-RPC call than this? I'd
>like to tunnel over HTTPS, but placing the password in the request
>URL like this exposes it insecurely. What's the safest way to do
>this?

When you use HTTPS, then the complete request is encrypted, including
the URL. It might be possible that the server log file includes the
user/password info. Check whether this is the case. If not,
this method is as secure as others.

-- 
Dieter
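
The log check suggested above, as an added example that is not part of the original message: Python 3's `xmlrpc.client` (the successor of `xmlrpclib`) moves the `user:password@` part of the URL into an `Authorization: Basic` header, so the request line holds only the path, and the scanner then looks for the forms in which the secret could still end up in a log. The names `request_parts`, `credential_markers`, `find_leaks` and the `SAMPLE_LOG` lines are hypothetical and constructed for illustration.

```python
import base64
import urllib.parse
import xmlrpc.client


def request_parts(url):
    """Return (host, path, headers) that xmlrpc.client sends for `url`."""
    parsed = urllib.parse.urlsplit(url)
    # get_host_info() strips "user:password@" from the host part and turns it
    # into an Authorization header; the request line carries only the path.
    host, headers, _x509 = xmlrpc.client.Transport().get_host_info(parsed.netloc)
    return host, parsed.path or "/RPC2", dict(headers or [])


def credential_markers(user, password):
    """Strings whose presence in a log line means the secret was recorded."""
    pair = f"{user}:{password}"
    return {
        "userinfo": pair + "@",  # URL logged verbatim
        # Basic tokens are base64, an encoding and not encryption.
        "basic-token": base64.b64encode(pair.encode()).decode(),
        "password": password,  # plain text
        "password-quoted": urllib.parse.quote(password, safe=""),
    }


def find_leaks(log_lines, user, password):
    """Return [(line_number, marker_name)] for lines exposing the credentials."""
    markers = credential_markers(user, password)
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for name, value in markers.items():
            if value and value in line:
                hits.append((number, name))
                break  # one finding per line is enough
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - user [09/Jun/2004:15:09:07 -0400] "POST /some/object HTTP/1.1" 200 312',
    'DEBUG headers: Authorization: Basic dXNlcjpwYXNzd29yZA==',
    '192.0.2.10 - - [09/Jun/2004:15:09:09 -0400] "GET http://user:password@zopeserver/ HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    print(request_parts("https://user:password@zopeserver"))
    print(find_leaks(SAMPLE_LOG, "user", "password"))
```

The first sample line records only the authenticated username, which is not a finding; the second and third expose the password in recoverable form.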


