continuum-dev mailing list archives

From "Rahul Thakur" <>
Subject Re: XML RPC security
Date Sun, 29 Apr 2007 07:08:25 GMT

Sounds good! Pointers would be great, if you have them handy :-)


----- Original Message ----- 
From: "Trygve Laugstøl" <>
To: <>
Sent: Saturday, April 28, 2007 12:14 AM
Subject: Re: XML RPC security

> Rahul Thakur wrote:
>> Hey guys,
>> Some quick notes on the security for XML RPC interface. This is what 
>> I am thinking...
>> Have an AuthenticatedXmlRpcService component that services the xml 
>> rpc requests. The first request from a client to the service is a 
>> request for authentication. A successful authentication returns an 
>> authentication Token, which is passed along with subsequent requests 
>> by the client. A Token can go stale (configurable time period?) if 
>> there were no requests detected for it. Also, we could have a 
>> service that answers any polling requests and keeps a Token 'alive'.
> How about using HTTP and Redback for security? We can make the XML-RPC 
> server listen on localhost:8000 only and then make a servlet that is 
> proxying to localhost:8000/xml-rpc.
> The proxying servlet should come after a Redback security filter. I 
> made a servlet like that once acting as a facade for a Subversion 
> repository which I think I added to Plexus (aka the kitchen sink), if 
> not I can dig it up for you.
> --
> Trygve 

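The token lifecycle proposed in the quoted message (a token issued on authentication, going stale when idle, kept alive by polling), sketched as an added example that is not part of the original thread or of Continuum's code. `TokenStore`, its method names and the absolute lifetime cap are assumptions; the cap is there because keep-alive polling would otherwise let a token live indefinitely.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical token store for the proposed AuthenticatedXmlRpcService (not project code).
public class TokenStore {
    private static final class Session {
        final String user;
        final long issuedAt;
        volatile long lastSeen;
        Session(String user, long now) { this.user = user; issuedAt = now; lastSeen = now; }
    }

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long idleMillis;   // the "configurable time period" after which a token goes stale
    private final long maxAgeMillis; // assumption: hard cap that polling cannot extend
    public TokenStore(long idleMillis, long maxAgeMillis) {
        this.idleMillis = idleMillis;
        this.maxAgeMillis = maxAgeMillis;
    }

    // Call only after the client's credentials have been verified.
    public String issue(String user, long now) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so tokens cannot be guessed
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, now));
        return token;
    }

    // Returns the user for a live token and resets its idle timer; null if unknown or stale.
    // Both ordinary requests and keep-alive polls would go through this method.
    public String touch(String token, long now) {
        Session s = (token == null) ? null : sessions.get(token);
        if (s == null) return null;
        if (now - s.lastSeen > idleMillis || now - s.issuedAt > maxAgeMillis) {
            sessions.remove(token); // stale tokens are dropped and never revived
            return null;
        }
        s.lastSeen = now;
        return s.user;
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore(60_000, 150_000); // constructed sample values
        String t = store.issue("alice", 0);                 // constructed user name
        for (long now = 50_000; now <= 200_000; now += 50_000)
            System.out.println(now + " ms -> " + store.touch(t, now));
    }
}
```

The `main` method polls every 50 seconds against a 60-second idle limit, so the token stays alive until the absolute cap rejects it. Time is passed in as a parameter so the expiry logic can be exercised without waiting.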