Identify valid server in XML-RPC request using PHP

views:

answers:

+1 Q:

Identify valid server in XML-RPC request using PHP

I'm working on a client-server system, where the client makes XMLRPC requests to the server. The client part of the system is handed to a third-party, meaning that he could eventually modify the code or re-route the xmlrpc requests.

Now, hoping the third-party won't modify the code, I need a way to make sure that the server the client script is contacting is actually MY server (cause, the person could somehow reroute the requests to his own server where he could make up some xml responses, not what I want). Is there a way to identify a server using PHP? Some sort of SSL connection?

Hope you guys understand me.

Cheers.

Yes you can use SSL. Zend's XML RPC library supports HTTPS natively in my experience

Rory 2010-03-23 11:33:30

SSL is good if you verify certificate authenticity, if not it will not help so much.

Also, you can implement authentification system to certify both sides are the legacy ones.

I never used it with XML-RPC, but with SOAP yes. You can do this at HTTP protocol level (not so complicated with apache servers) or at application level.

Benoit 2010-03-23 12:29:23

ansaurus

tags:

views:

answers:

Identify valid server in XML-RPC request using PHP

related questions