dcrespo wrote: >Hi all, > >Anyone knows a simpler but stronger control access to XML-RPC functions >than the one I comment here? > >My actual system works like this: > >I have a TCP Server and an XML-RPC Server. Both of them verify if the >IP address is allowed. > >The TCP Server works for validate and register an IP address if it >wasn't validated previously, while the XML-RPC Server works only if the >requester IP address was allowed through the mentioned TCP Server. This >means, anyone who wants to connect to the XML-RPC Server has to pass >the TCP Server. > >How a client connects to the TCP Server and authenticate his IP? > >Well, there is an interchange of encrypted data between the Client and >the TCP Server, where, in few words, the client sends a UserName and a >Password, all this through the send() function of the Socket >connection. If the TCP Server authenticate an IP address, then that >Client will be able to connect to the XML-RPC Server and use its >defined functions. > >The problem I see here is that if I want someone to taking advantage of >my XML-RPC functions, I have to tell him all these. I would like to get >a strong but simpler way of doing all these. > >Thank you for reading and thinking. > >Daniel > > > Not the most secure, but I have a modified XMLRPC Server/client using Digest auth, if that's any use?
J -- http://mail.python.org/mailman/listinfo/python-list