continuum-dev mailing list archives

From Emmanuel Venisse <emman...@venisse.net>
Subject Re: XML RPC security
Date Fri, 27 Apr 2007 12:48:20 GMT
Instead of using the actual embedded xmlrpc server that runs on a different port, we can use the
xmlrpc servlet (http://ws.apache.org/xmlrpc/server.html)

Emmanuel

Trygve Laugstøl wrote:
> Rahul Thakur wrote:
>> Hey guys,
>>
>> Some quick notes on the security for XML RPC interface. This is what I 
>> am thinking...
>>
>> Have an AuthenticatedXmlRpcService component that services the xml rpc 
>> requests. The first request from a client to the service is a request 
>> for authentication. A successful authentication returns an 
>> authentication Token, which is passed along with subsequent requests 
>> by the client. A Token can go stale (configurable time period?) if 
>> there were no requests detected for it. Also, we could have a service 
>> that answers any polling requests and keeps a Token 'alive'.
> 
> How about using HTTP and Redback for security? We can make the XML-RPC 
> server listen on localhost:8000 only and then make a servlet that is 
> proxying to localhost:8000/xml-rpc.
> 
> The proxying servlet should come after a Redback security filter. I made 
> a servlet like that once acting as a facade for a Subversion repository 
> which I think I added to Plexus (aka the kitchen sink); if not, I can dig 
> it up for you.
> 
> -- 
> Trygve
> 
> 
> 
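
The token scheme proposed in the quoted first message (issue a token after authentication, let it go stale after a configurable idle period, let a polling request keep it alive), sketched as an added example that is not part of the thread or of Continuum's code. The class `IdleTokenStore`, its methods and the sample user name are hypothetical; Java 16 or later is assumed.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

// Added illustration. IdleTokenStore and its method names are hypothetical.
public final class IdleTokenStore {
    private record Session(String user, Instant lastSeen) {}

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration idleLimit;          // the "configurable time period"
    private final Supplier<Instant> clock;     // injectable so expiry can be tested

    public IdleTokenStore(Duration idleLimit, Supplier<Instant> clock) {
        this.idleLimit = idleLimit; this.clock = clock;
    }

    // Call only after the first request has authenticated the user.
    public String issue(String user) {
        byte[] raw = new byte[32];             // 256 random bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, clock.get()));
        return token;
    }

    // Checks a request's token; a valid request or keep-alive poll resets the idle timer.
    public Optional<String> touch(String token) {
        if (token == null) return Optional.empty();
        Instant now = clock.get();
        Session s = sessions.computeIfPresent(token, (t, old) ->   // null removes a stale entry
                Duration.between(old.lastSeen(), now).compareTo(idleLimit) > 0 ? null : new Session(old.user(), now));
        return Optional.ofNullable(s).map(Session::user);
    }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2007-04-27T12:00:00Z") };  // constructed clock
        IdleTokenStore store = new IdleTokenStore(Duration.ofMinutes(30), () -> now[0]);
        String token = store.issue("alice");   // constructed user name
        now[0] = now[0].plus(Duration.ofMinutes(20));
        System.out.println(store.touch(token));     // within the limit: user returned, timer reset
        now[0] = now[0].plus(Duration.ofMinutes(31));
        System.out.println(store.touch(token));     // idle too long: empty, token removed
    }
}
```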

