XMLRPC Authentication

Dave Brueck dave at pythonapocrypha.com
Fri Jun 6 21:31:29 CEST 2003


On Fri, 6 Jun 2003, Justin Johnson wrote:
> On Fri, 6 Jun 2003 12:13:26 -0700 (PDT), "Dave Brueck"
> <dave at pythonapocrypha.com> said:
> > On Fri, 6 Jun 2003, Justin Johnson wrote:
> >
> > > I have a simple xmlrpc server (using xmlrpclib) that accepts requests
> > > from clients and runs some administrative commands on a bunch of servers
> > > I support.  I would like to lock down access to the service so that only
> > > authorized users can use it, by authenticating with a user name and
> > > password.
> > >
> > > Has anyone done this before?  Is there an already existent authentication
> > > framework available I can use with xmlrpc?
> >
> > I use the improvements to xmlrpclib listed here:
> >
> > http://www.zope.org/Members/Amos/XML-RPC

> Would you mind explaining to me how you use them?  In conjunction with
> the example in the cookbook perhaps...

Assuming you've been using the XMLRPC client like this:

import xmlrpclib
s = xmlrpclib.ServerProxy(url)

then you would use the BasicAuthTransport in that above HOWTO like this:

s = xmlrpclib.ServerProxy(url, BasicAuthTransport(username, password)

Everything else would remain the same. With a little work you could
rewrite BasicAuthTransport to be a mixin to use with xmlrpclib's Transport
and SafeTransport classes (thus enabling use over HTTPS as well).

-Dave





More information about the Python-list mailing list