On Monday November 19, 2001 09:36 pm, Ian Bicking wrote: > I'm just curious: how are people doing authentication with XML-RPC? Do > you just have every request include a username/password to authenticate > that particular request/action? > > Ian
That's the way we do it. We also use https to prevent snooping. It might be a good idea to log incorrect username/password attempts somewhere to detect if someone's trying to break in. Of course that's true of regular web pages too. You could make it easier by writing a wrapper around the XML-RPC client libraries to automatically add in the username and password to every request, and similar handling on the server side to validate them (i.e. a SecureXMLRPCServlet subclass). We haven't done it yet, but I've thought about it a couple of times :-) - Geoff _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
