+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: What exactly is XML-RPC? (/showthread.php?tid=16648)
What exactly is XML-RPC? - El Forum - 03-12-2009
[eluser]RS71[/eluser]
Hello
I'm having a hard time understanding XML-RPC and why and when should I use it. Could somebody help me out?
Thanks in advance
What exactly is XML-RPC? - El Forum - 03-12-2009
[eluser]Nick Husher[/eluser]
XML-RPC is a standard for carrying out Remote Procedure Calls via passing XML documents between client and server. A remote procedure call is a process by which one party in a transaction causes the other party to carry out some subroutine based on the data sent.
A good example is the Flickr API's XML-RPC spec. You send a request at a particular URL (http://api.flickr.com/services/xmlrpc/) via POST. That request consists of an XML document that contains a method to call (e.g. flickr.photos.search), and a series of arguments (api_key = 0000, tags=capecod,massachusetts). It runs that "function" on its end and responds with an XML document that contains the results of that action.
What exactly is XML-RPC? - El Forum - 04-01-2009
[eluser]Mark Unwin[/eluser]
And the benefit of XML-RPC over a HTML form is ?
Apologies for my newb'ness, but they seem to accomplish the same thing.
What exactly is XML-RPC? - El Forum - 04-02-2009
[eluser]Phil Sturgeon[/eluser]
A HTTP form would not only send data to the remote server but it would send the user there too. Meaning if you were trying to integrate some Flickr interaction into your app, each form submit would send the user to Flickr and away from you app!
XML-RPC, SOAP, REST etc all send and receive data on the backend without sending the user all over the place.
This is handy if you use 2 or more servers for your website. Here are work we have 6 clones running as web-servers and one server offering up data via XML-RPC, REST and MySQL.
Before you ask, an obvious advantage of XML-RPC over MySQL is that you do not need to know the database passwords.
What exactly is XML-RPC? - El Forum - 04-02-2009
[eluser]Nick Husher[/eluser]
XML-RPC is used most-often as a backend communication method--where one server asks another server for information--which means that there is no "sending the user all over the place" because all the calls are entirely stateless and take place on a server somewhere. The only time you'd be concerned about moving the client-user around is if you were communicating data between servers on the frontend.
Another advantage of encapsulating your database in XML-RPC spec is that you can insulate your database server from the outside world to prevent an anonymous malicious application from carrying out dangerous operations. Flickr, for example, has a procedure you must direct your users through to authorize your application to make destructive operations.
What exactly is XML-RPC? - El Forum - 04-02-2009
[eluser]Mark Unwin[/eluser]
Quote:XML-RPC is used most-often as a backend communication method—where one server asks another server for information—which means that there is no “sending the user all over the place” because all the calls are entirely stateless and take place on a server somewhere. The only time you’d be concerned about moving the client-user around is if you were communicating data between servers on the frontend.
My thoughts exactly. I have had a couple of people say "your users will be directed there". My response was as yours is.
Quote:Another advantage of encapsulating your database in XML-RPC spec is that you can insulate your database server from the outside world to prevent an anonymous malicious application from carrying out dangerous operations. Flickr, for example, has a procedure you must direct your users through to authorize your application to make destructive operations.
OK sure. But I am assuming the only services you would wish to make available via XML-RPC would be "public" consumable ones ? What about data that requires user authentication ? I assume you could set it up using HTTPS and send the credentials in the XML. Just doesn't seem "right" to me - but I could be way off track here...
What exactly is XML-RPC? - El Forum - 04-03-2009
[eluser]Phil Sturgeon[/eluser]
Yes you can send the server authorisation credentials to get protected data too. Can be done with HTTP Basic / Digest that I know of, and probably a few other ways too.
What exactly is XML-RPC? - El Forum - 04-03-2009
[eluser]Nick Husher[/eluser]
Most of the RPC-based APIs out there have a way of authenticating. Generally this involves sending public/private key hashes around and other such identity-assuring methods. But when you adopt XML-RPC, you're adopting a conservative footing in regards to what data and actions your users have access to, even if your users need to authenticate to use it.
For example, an unwitting and well-intentioned user might run a SQL operation that damages your foreign key relationships in your database. Such a thing wouldn't be possible with XML-RPC, because you wouldn't have any reason to expose that kind of functionality through the RPC interface. The ability to selectively error-check and alter incoming requests is part of the encapsulating power of an RPC interface.