views:

122

answers:

1

I have a basic xml-rpc web service service running.
What is the simplest way(I'm a newbie) to implement secure authentication?
I just need some direction.. thanks in advance !

+2  A: 

You could checkout This code for a simple XML-RPC server over HTTPS. Authentication can work in any way you wish ... they could authenticate with some credentials and you provide a cookie for the rest of the session.

The Python docs for xmlrpc include details of using the HTTP 'Authorization' header for passing in credentials.

Here is some code that uses Twisted to implement a xmlrpc auth mechanism, which could easily use HTTPS instead of HTTP.

This guy has written a HTTPS XML-RPC setup with authorization which you can download. There are tons of resources, and ways of doing this which are easily googleable. This all depends on if you are using mod_wsgi for example, or writing a standalone server using Twisted.

Bottom line:

a) Use SSL for communication
b) Use the HTTP authorization mechanism

Aiden Bell
Thanks for the input!
Rohit