SimpleXMLRPCServer security
Robin Becker
robin at SPAMREMOVEjessikat.fsnet.co.uk
Sat Jun 4 05:30:46 EDT 2005
What are the security issues for an xmlrpc server with 127.0.0.1 as
host? Clearly anyone with local access can connect to the server so we
should protect the server and client code, but in my particular case the
client starts as a cgi script and in general must be world
readable/executable. Switching uid at startup allows the client code to
be private; so is that a strategy for protecting the
encryption/decryption which obfuscates the xmlrpc channel?
Anyone done this sort of thing before?
--
Robin Becker
More information about the Python-list
mailing list