xmlrpc and auth-digest
Laszlo Nagy
gandalf at designaproduct.biz
Mon Jan 8 13:20:51 EST 2007
Thomas Liesner írta:
> Hi all,
>
> this may have been asked before, but as a newbie with xmlrpc i can't
> find any suitable info on that. Sorry.
> I am trying to write a simple xmlrpc-client in python and the server i
> am trying to receive data from requires http auth digest.
> The info on xmlrpclib covers auth basic thrugh url econding such as
> "user:pass at server", but no auth digest.
>
> Is there any other library i could use for that or can i write some sort
> of wrapper around this using a differnt library like urllib?
>
What I did before is that I added additional parameters of my published
functions for the username and the password, and used xmlrpc over https.
This is secure, but somewhat clumsy. You can also implement this by
creating a persistent "session" when logging in, then use the session
identifier for identification.
If you are interested in XML/RPC over HTTPS:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496786
Regarding basic or digest http authentication, I believe it has nothing
to do with the XML/RPC protocol itself. The basic and digest
authentication is defined at the HTTP level. It is implemented with HTTP
headers. Probably you can do this but not with the built-in xmlrpclib.
If you look at xmlrpclib.py, then you will see that the ServerProxy
class is an old style class that uses the xmlrpclib.Transport class for
communication. The Transport class itself uses httplib to post the
information. In theory, you can copy your own xmlrpclib and send/check
extra http headers. In my opinion, it would be too much work, too much
trouble and still not secure.
Regards,
Laszlo
More information about the Python-list
mailing list