continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trygve Laugstøl <>
Subject Re: XML RPC security
Date Fri, 27 Apr 2007 12:14:59 GMT
Rahul Thakur wrote:
> Hey guys,
> Some quick notes on the security for XML RPC interface. This is what I 
> am thinking...
> Have an AuthenticatedXmlRpcService component that services the xml rpc 
> requests. The first request from a client to the service is a request 
> for authentication. A successful authentication returns an 
> authentication Token, which is passed along with subsequent requests by 
> the client. A Token can go stale (configurable time period?) if there 
> were not requests detected for it. Also, we could have a service that 
> answers any polling requests and keeps a Token 'alive'.

How about using HTTP and Redback for security? We can make the XML-RPC 
server listen on localhost:8000 only and then make a servlet that is 
proxying to localhost:8000/xml-rpc.

The proxying servlet should come after a Redback security filter. I made 
a servlet like that once acting as a facade for a Subversion repository 
which I think I added to Plexus (aka the kitchen sink), if not I can dig 
it up for you.


View raw message