User authentication in SOAP

Gilles Lenfant glenfant.nospam at bigfoot.com
Wed Jul 25 11:46:42 EDT 2001


Hi,

I don't know exactly what the structure of the SOAP library you're using is.
I'm pretty familiar with Fred Lundh's xmlrpclib, which has a transport layer
and an XML message parsing/marshalling layer.
If your SOAP library has a similar structure, you can subclass the HTTP
transport layer to provide basic HTTP authentication support.
This is explained with source code in
http://www.zope.org/Members/Amos/XML-RPC
That's the way we provide B2B confidential data to our customers' back-office
application from a Zope server.
As the SOAP library from www.secretlabs.com is structured in the same manner
as their XML-RPC library (a Transport class), this should work (perhaps with
a little hacking).
IMHO, including user credentials in the SOAP message data section is not
secure.

Hope I helped.

--Gilles

"Thomas Weholt" <thomas at gatsoft.no> wrote in message news:
hOz77.41$bXi.178337792 at news.telia.no...
> Hi,
>
> Just looked at SOAPpy from ActZero and it looks just like the thing I need
> for a small project. I just wondered what would be the best method of
> implementing username/password-protected services in a SOAP-server? Does
> SOAP define any rules for this at all or does it place that responsibility
> on the server?
>
> Any hints appreciated.
>
> Thomas
>
>
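The transport-subclass approach described in the reply above, as an added example that is not part of the original thread and not code from the linked article. It uses Python 3's standard `xmlrpc.client` (the successor of xmlrpclib) against a loopback test server; `BasicAuthTransport`, `AuthHandler` and the credentials are constructed for illustration. Basic credentials are only base64-encoded, so outside a loopback demo the same override belongs on `xmlrpc.client.SafeTransport` (HTTPS).

```python
import base64, hmac, threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer

def basic_token(user, password):
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

class BasicAuthTransport(xmlrpc.client.Transport):
    """Transport subclass: credentials ride in the HTTP layer, not the message body."""
    def __init__(self, user, password):
        super().__init__()
        self._auth = basic_token(user, password)
    def send_headers(self, connection, headers):
        super().send_headers(connection, headers + [("Authorization", self._auth)])

class AuthHandler(SimpleXMLRPCRequestHandler):
    expected = basic_token("demo", "constructed-secret")  # constructed sample credentials

    def do_POST(self):
        # Check the header before any XML is parsed or dispatched.
        sent = self.headers.get("Authorization", "")
        if hmac.compare_digest(sent.encode(), self.expected.encode()):
            return super().do_POST()
        # Drain the body so the 401 is delivered cleanly, then refuse.
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="rpc"')
        self.send_header("Content-Length", "0")
        self.end_headers()

def start_server():
    # Loopback demo server on a free port (plain HTTP only because it is local).
    server = SimpleXMLRPCServer(("127.0.0.1", 0), requestHandler=AuthHandler, logRequests=False)
    server.register_function(lambda a, b: a + b, "add")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def call_add(port, user, password):
    """Return add(2, 3), or the HTTP status code if the server refused the call."""
    transport = BasicAuthTransport(user, password)
    proxy = xmlrpc.client.ServerProxy(f"http://127.0.0.1:{port}/", transport=transport)
    try:
        return proxy.add(2, 3)
    except xmlrpc.client.ProtocolError as err:
        return err.errcode

if __name__ == "__main__":
    srv = start_server()
    for pw in ("constructed-secret", "wrong"):
        print(pw, "->", call_add(srv.server_address[1], "demo", pw))
```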




