XML-RPC using HTTP Basic Authentification |
[eluser]sramage[/eluser]
Hi ! I'm new in CI and I'm trying to replace a XML-RPC server and client written using this lib http://phpxmlrpc.sourceforge.net by CI XML-RPC classes. I need some security around this server so I have implemented a little HTTP Basic authentication on the server by adding this on the server controler : Code: $user = $this->input->server('PHP_AUTH_USER'); it's works ! now I'm trying to make a client working, but it can't connect using something like "http://username:[email protected]/index.php/rpc" How can I secure my server? is HTTP Authentification the solution? How make it to work ? Thank you
[eluser]sramage[/eluser]
Finally I solve my problem by writing a new XML-RPC library for CI based on the lib found at http://phpxmlrpc.sourceforge.net It works good and now I have more functionalities like gzip compression, HTTP Authentification. Writing a new lib is very easy, CI is really powerful !
[eluser]johnwbaxter[/eluser]
Why don't you contribute your new libraries to the wiki?
[eluser]Leonard Yulianus[/eluser]
[quote author="sramage" date="1226000130"]Finally I solve my problem by writing a new XML-RPC library for CI based on the lib found at http://phpxmlrpc.sourceforge.net It works good and now I have more functionalities like gzip compression, HTTP Authentification. Writing a new lib is very easy, CI is really powerful ![/quote] yeah i really want to see your approach to this problem...
[eluser]sramage[/eluser]
I don't know how put it on the wiki so I post here: XML-RPC client library: Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); XML-RPC server library Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); the folder APPPATH/libraries/xmlrpc contain the xmlrpc files. usage example : client : Code: $server_url = 'http://username:[email protected]/index.php?/rpc/xmlrpc_srv'; server: Code: <?php
[eluser]iDVB[/eluser]
Is this really a reliable/secure way to authenticate? Can't someone just sniff your user name and pass? I'm also currently looking for an XML-RPC authentication method.
[eluser]sramage[/eluser]
Hi ! it's just an HTTP Basic Authentification so someone can sniff the username and password just like a website that use basic HTTP Authentification. If you want an more secure system, maybe you need to use ssl.
[eluser]WebMada[/eluser]
I don't understand the problem in this topic: Why don't using the XML RPC library coming with CI? In fact, is not there a system of session, token and authentication in XML RPC? |
Welcome Guest, Not a member yet? Register Sign In |