SimpleXMLRPCServer security

Robin Becker robin at
Sat Jun 4 11:30:46 CEST 2005

What are the security issues for an xmlrpc server with as 
host? Clearly anyone with local access can connect to the server so we 
should protect the server and client code, but in my particular case the 
client starts as a cgi script and in general must be world 
readable/executable. Switching uid at startup allows the client code to 
be private; so is that a strategy for protecting the 
encryption/decryption which obfuscates the xmlrpc channel?

Anyone done this sort of thing before?
Robin Becker

More information about the Python-list mailing list