By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,272 Members | 1,733 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,272 IT Pros & Developers. It's quick & easy.

Security on XML-RPC

P: n/a
Hi all,

Anyone knows a simpler but stronger control access to XML-RPC functions
than the one I comment here?

My actual system works like this:

I have a TCP Server and an XML-RPC Server. Both of them verify if the
IP address is allowed.

The TCP Server works for validate and register an IP address if it
wasn't validated previously, while the XML-RPC Server works only if the
requester IP address was allowed through the mentioned TCP Server. This
means, anyone who wants to connect to the XML-RPC Server has to pass
the TCP Server.

How a client connects to the TCP Server and authenticate his IP?

Well, there is an interchange of encrypted data between the Client and
the TCP Server, where, in few words, the client sends a UserName and a
Password, all this through the send() function of the Socket
connection. If the TCP Server authenticate an IP address, then that
Client will be able to connect to the XML-RPC Server and use its
defined functions.

The problem I see here is that if I want someone to taking advantage of
my XML-RPC functions, I have to tell him all these. I would like to get
a strong but simpler way of doing all these.

Thank you for reading and thinking.

Daniel

Oct 25 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
dcrespo wrote:
Hi all,

Anyone knows a simpler but stronger control access to XML-RPC functions
than the one I comment here?

My actual system works like this:

I have a TCP Server and an XML-RPC Server. Both of them verify if the
IP address is allowed.

The TCP Server works for validate and register an IP address if it
wasn't validated previously, while the XML-RPC Server works only if the
requester IP address was allowed through the mentioned TCP Server. This
means, anyone who wants to connect to the XML-RPC Server has to pass
the TCP Server.

How a client connects to the TCP Server and authenticate his IP?

Well, there is an interchange of encrypted data between the Client and
the TCP Server, where, in few words, the client sends a UserName and a
Password, all this through the send() function of the Socket
connection. If the TCP Server authenticate an IP address, then that
Client will be able to connect to the XML-RPC Server and use its
defined functions.

The problem I see here is that if I want someone to taking advantage of
my XML-RPC functions, I have to tell him all these. I would like to get
a strong but simpler way of doing all these.

Thank you for reading and thinking.

Daniel

Not the most secure, but I have a modified XMLRPC Server/client using
Digest auth, if that's any use?

J
Oct 25 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.