"Tickets" and XML-RPC authentication
Magnus Lie Hetland
mlh at vier.idi.ntnu.no
Sun Jul 14 13:19:28 EDT 2002
If I have only one server/service, and that service takes care of its
own authentication (i.e. no Kerberos-like stuff), is there any point
to using a ticket/cookie-based system?
In other words, is there any point to doing this:
ticket = server.authenticate('username', 'password')
server.performService(ticket, some, other, params)
rather than
server.performService('username', 'password', some, other, params)
?
I see the Advogato XML-RPC interface uses a ticket (or, as they call
it, a cookie) like in the first example. They don't explain why, and I
can't see any good reason, except perhaps making the client code a
tiny bit simpler... But you could always do something like
ticket = {'user': 'foobar', 'pass': 'babar'}
anyway, so...
(Perhaps there is some session tracking going on?)
Any thoughts?
--
Magnus Lie Hetland The Anygui Project
http://hetland.org http://anygui.org
More information about the Python-list
mailing list