Join Up! 104886 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Where did they go today? Validating PHP User Sessions Profiling PHP Code with Xdebug and KCacheGrind PHP Templates: Revisited Introducing the Yii PHP Framework

php-general | 2001092

From: Bill Lubanovic (bill <email protected>)
Date: 09/19/01

• Next message: Rick Gardner: "[PHP] Re: [PHP-DB] Cross site authentication"
• Previous message: Marcin Floryan: "[PHP] PHP 4.0.6 + Oracle9i + CPDF lib - large file problem (segmentation fault)"
• In reply to: Hoover, Josh: "[PHP] RE: [PHP-DB] Cross site authentication"
• Next in thread: Rick Gardner: "[PHP] Re: [PHP-DB] Cross site authentication"
• Reply: Rick Gardner: "[PHP] Re: [PHP-DB] Cross site authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> "Hoover, Josh" wrote:
>
> What about if your XML-RPC calls are run over SSL? That would make
> them secure I believe. Now the question becomes whether any of the
> PHP XML-RPC classes support SSL. Anyone know if any/all of the
> classes support SSL?
>
> Josh Hoover
> KnowledgeStorm, Inc.
> jhoover <email protected>
>
> Searching for a new IT solution for your company? Need to improve your
> product marketing?
> Visit KnowledgeStorm at www.knowledgestorm.com to learn how we can
> simplify the process for you.
> KnowledgeStorm - Your IT Search Starts Here
>
> > XML-RPC or SOAP structure the data better than GET or POST, but they
>
> > don't address the security issues. We can't send names, passwords,
> or
> > ids, no matter how we wrap them. How can platform A tell platform
> B
> > that it's authenticated someone? How can B trust A?

SSL avoids the problem of someone sniffing the plain text data. We
still have the problem: what data do we send? Anyone can forge
credentials and send them over SSL. How does B know it came from A? I'm
thinking of some key exchange method, but portability between the
Microsoft and UNIX worlds makes this even trickier.

-- 
Bill Lubanovic
Mad Scheme Limited
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Rick Gardner: "[PHP] Re: [PHP-DB] Cross site authentication"
• Previous message: Marcin Floryan: "[PHP] PHP 4.0.6 + Oracle9i + CPDF lib - large file problem (segmentation fault)"
• In reply to: Hoover, Josh: "[PHP] RE: [PHP-DB] Cross site authentication"
• Next in thread: Rick Gardner: "[PHP] Re: [PHP-DB] Cross site authentication"
• Reply: Rick Gardner: "[PHP] Re: [PHP-DB] Cross site authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs