Security on XML-RPC

dcrespo dcrespo at gmail.com
Tue Oct 25 14:29:38 CEST 2005


Hi all,

Does anyone know a simpler but stronger access control for XML-RPC
functions than the one I describe here?

My actual system works like this:

I have a TCP Server and an XML-RPC Server. Both of them verify if the
IP address is allowed.

The TCP Server works to validate and register an IP address if it
wasn't validated previously, while the XML-RPC Server works only if the
requester IP address was allowed through the mentioned TCP Server. This
means, anyone who wants to connect to the XML-RPC Server has to pass
the TCP Server.

How does a client connect to the TCP Server and authenticate his IP?

Well, there is an interchange of encrypted data between the Client and
the TCP Server, where, in a few words, the client sends a UserName and a
Password, all this through the send() function of the Socket
connection. If the TCP Server authenticates an IP address, then that
Client will be able to connect to the XML-RPC Server and use its
defined functions.

The problem I see here is that if I want someone to take advantage of
my XML-RPC functions, I have to tell him all this. I would like to get
a strong but simpler way of doing all this.

Thank you for reading and thinking.

Daniel
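
The scheme described in the message above, as an added example that is not the poster's code: a login step registers the caller's IP address, and the XML-RPC server refuses connections from unregistered addresses. `kdf`, `IPGate`, `GatedXMLRPCServer` and `demo` are hypothetical names; the encrypted TCP exchange is replaced here by a direct `login()` call, and the user name and password are constructed.

```python
import hashlib, hmac, os, threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IPGate:
    """Allowlist filled by the login step and read by the XML-RPC server."""
    def __init__(self, users):
        self._users = users          # name -> (salt, derived key)
        self._allowed = set()

    def login(self, ip, name, password):
        # Stand-in for the post's TCP server: check credentials, register the IP.
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(kdf(password, salt), stored)
        if ok:
            self._allowed.add(ip)
        return ok

    def is_allowed(self, ip):
        return ip in self._allowed

class GatedXMLRPCServer(SimpleXMLRPCServer):
    def __init__(self, addr, gate):
        super().__init__(addr, logRequests=False)
        self.gate = gate

    def verify_request(self, request, client_address):
        # socketserver hook: False drops the connection before any XML is parsed.
        return self.gate.is_allowed(client_address[0])

def demo():
    salt = os.urandom(16)
    gate = IPGate({"daniel": (salt, kdf("constructed-pw", salt))})
    server = GatedXMLRPCServer(("127.0.0.1", 0), gate)
    server.register_function(lambda a, b: a + b, "add")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    proxy = ServerProxy("http://127.0.0.1:%d/" % server.server_address[1])
    try:
        before = proxy.add(2, 3)
    except OSError:
        before = None            # unregistered IP: connection closed, no reply
    bad = gate.login("127.0.0.1", "daniel", "wrong")
    good = gate.login("127.0.0.1", "daniel", "constructed-pw")
    after = proxy.add(2, 3)
    server.shutdown()
    server.server_close()
    return before, bad, good, after
```

`demo()` returns `(None, False, True, 5)`. The gate authorizes an address rather than a user, so once one client has logged in, every client that reaches the server from the same address (for example behind the same NAT) is admitted as well.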



