authentication for xmlrpc via cgi

David M. Cooke cookedm+news at
Thu Sep 22 23:54:02 CEST 2005

qhfgva at writes:

> I'm using python 2.2 (hopefully we'll be upgrading our system to 2.3
> soon) and I'm trying to prototype some xml-rpc via cgi functionality.
> If I override the Transport class on the xmlrpclib client and add some
> random header like "Junk", then when I have my xmlrpc server log it's
> environment when running, I see the HTTP_JUNK header.  If I do this
> with AUTHORIZATION, the header is not found.
> Does this ring a bell for anyone?  Am I misunderstanding how to use
> this header?  I'm guessing that Apache might be eating this header, but
> I don't know why.

By default, Apache does eat that. It's a compile time default; the
Apache developers think it's a security hole. Here's a note about it:

>From what I can see, this is still true in Apache 2.

|David M. Cooke

More information about the Python-list mailing list