Securing SimpleXMLRPCServer?
Brian Quinlan
brian at sweetapp.com
Fri Jul 5 12:46:47 EDT 2002
John Abel wrote:
> I've set up an server, and client, which works OK, but now I want to
> secure the server. Is there a way I can query the IP of the
connecting
> client? I've looked through the documentation, and can see that
> SimpleXMLRPCRequestHandler is based on BaseHTTPServer, which has
> client_address, but I can't seem to get access that variable.
>
> Any pointers would be much appreciated.
You could base your security on IP address or you could have the client
send a cookie with each RPC call.
Using your IP address technique, you can subclass
SimpleXMLRPCRequestHandler and write your own do_POST or _dispatch
method. Your implementation can be very simple; just check
client_address and call the base class implementation if it is correct.
You must also register your SimpleXMLRPCRequestHandler subclass with the
SimpleXMLRPCServer. Here is an untested example:
class
AuthenticatingSimpleXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
def _dispatch(self, method, params):
if self.client_address not in list_of_valid_addresses:
raise Exception, "your IP address is not
authorized"
else:
SimpleXMLRPCRequestHandler._dispatch(self,
method, params)
server = SimpleXMLRPCServer(
some_address,
AuthenticatingSimpleXMLRPCRequestHandler
)
server.server_forever()
Cheers,
Brian
More information about the Python-list
mailing list