Fog Creek Software
Discussion Board




Using SSL for XML-RPC

I am opening a server for XML-RPC from multiple known servers. The server has a couple of APIs exposed that users can access through XML-RPC.

At the moment users send their user names and passwords through base64 encoding before they can access the APIs exposed.

Can I use SSL for extra security?

Rhinestone Cowboy
Tuesday, January 27, 2004

You probably SHOULD use SSL for added security.

christopher baus (www.baus.net)
Tuesday, January 27, 2004

Considering that you currently have NO security (base64 isn't encryption!) anything you add will help.

Chris Tavares
Tuesday, January 27, 2004

As the last poster said, using base64 is just fooling yourself.  I wouldn't even bother with it, as it provides 0 security.

christopher baus (www.baus.net)
Tuesday, January 27, 2004

Take a look at the security layer that was added to the Atom API. It doesn't require SSL and it provides a nice extension to the standard HTTP authentication mechanism.

Jeff Watkins
Tuesday, January 27, 2004

You should NOT be sending passwords (cleartext or base64) over the wire! A better solution is a challenge/response message digest (which is already part of HTTP/1.1).

runtime
Tuesday, January 27, 2004
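
Added example, not part of any post in this thread: a Python sketch contrasting the base64 credentials described in the question with the HTTP/1.1 digest challenge/response mentioned in the replies (MD5 with qop=auth, as in RFC 2617). The user name, realm, password and the `/RPC2` path are constructed sample values, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    """Credentials as the question describes them: base64 of user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_from_basic(header):
    """base64 has no key, so anyone who sees the header sees the password."""
    token = header.split(" ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side of the challenge/response: only this hash is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_password, received, **fields):
    """Server recomputes the hash for its own nonce and compares in constant time."""
    expected = digest_response(password=stored_password, **fields)
    return hmac.compare_digest(expected, received)

# Constructed sample values (assumptions, not from the thread).
USER, REALM, PASSWORD = "rpcuser", "xmlrpc", "s3cret-example"

def demo():
    leaked = recover_from_basic(basic_header(USER, PASSWORD))
    fields = dict(user=USER, realm=REALM, method="POST", uri="/RPC2",
                  nonce=secrets.token_hex(16),   # issued by the server per challenge
                  nc="00000001", cnonce=secrets.token_hex(8))
    response = digest_response(password=PASSWORD, **fields)
    return leaked, response, fields

if __name__ == "__main__":
    leaked, response, fields = demo()
    print("recovered from base64 header:", leaked)
    print("digest response on the wire: ", response)
    print("server accepts:", server_verify(PASSWORD, response, **fields))
```

Digest keeps the password itself off the wire and ties each response to a server nonce, but it does not encrypt the XML-RPC request or reply bodies; SSL is still what protects those.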
