"Tickets" and XML-RPC authentication

Ian Bicking ianb at colorstudy.com
Mon Jul 15 17:46:58 EDT 2002


On Mon, 2002-07-15 at 16:05, Magnus Lie Hetland wrote:
> As for attackers listening in -- I guess you mean that I might want to
> have one secure (ssl) login-call, and then do the rest in the open?
> I'm not completely sure why I then wouldn't want to wrap it all in a
> secure connection...

If you wanted to transfer a large bit of content, or do lots of small
transactions, the overhead of SSL could be significant (maybe).

XMLRPC requires encoding that already makes it less efficient for
transferring large amounts of content, so that's probably not worth it
(or you'd want to ditch XMLRPC entirely for traditional HTTP).  So it's
probably just in case of a very chatty situation where you might want to
avoid SSL overhead -- my understanding is that SSL adds a significant
amount of latency to a connection.  If, for instance, you had an
interactive UI where you didn't want to do caching (e.g., the site was
being updated very actively), then SSL might be a problem (unless both
sides supported keep-alive connections, which might be the best
solution).

--
Ian Bicking           Colorstudy Web Development
ianb at colorstudy.com   http://www.colorstudy.com
4869 N Talman Ave, Chicago, IL 60625 / (773) 275-7241





