authentication for xmlrpc via cgi

Discussion in 'Python' started by qhfgva@gmail.com, Sep 22, 2005.

  1. Guest

    I'm using python 2.2 (hopefully we'll be upgrading our system to 2.3
    soon) and I'm trying to prototype some xml-rpc via cgi functionality.
    If I override the Transport class on the xmlrpclib client and add some
    random header like "Junk", then when I have my xmlrpc server log it's
    environment when running, I see the HTTP_JUNK header. If I do this
    with AUTHORIZATION, the header is not found.

    Does this ring a bell for anyone? Am I misunderstanding how to use
    this header? I'm guessing that Apache might be eating this header, but
    I don't know why.

    thanks,

    dustin
     
    , Sep 22, 2005
    #1
    1. Advertisements

  2. writes:

    > I'm using python 2.2 (hopefully we'll be upgrading our system to 2.3
    > soon) and I'm trying to prototype some xml-rpc via cgi functionality.
    > If I override the Transport class on the xmlrpclib client and add some
    > random header like "Junk", then when I have my xmlrpc server log it's
    > environment when running, I see the HTTP_JUNK header. If I do this
    > with AUTHORIZATION, the header is not found.
    >
    > Does this ring a bell for anyone? Am I misunderstanding how to use
    > this header? I'm guessing that Apache might be eating this header, but
    > I don't know why.


    By default, Apache does eat that. It's a compile time default; the
    Apache developers think it's a security hole. Here's a note about it:

    http://httpd.apache.org/dev/apidoc/apidoc_SECURITY_HOLE_PASS_AUTHORIZATION.html

    From what I can see, this is still true in Apache 2.

    --
    |>|\/|<
    /--------------------------------------------------------------------------\
    |David M. Cooke
    |cookedm(at)physics(dot)mcmaster(dot)ca
     
    David M. Cooke, Sep 22, 2005
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shailan
    Replies:
    2
    Views:
    1,455
    Shailan
    Dec 15, 2003
  2. John Smith
    Replies:
    0
    Views:
    3,439
    John Smith
    May 15, 2006
  3. Ben

    xmlrpc via local proxy

    Ben, Nov 2, 2003, in forum: Python
    Replies:
    1
    Views:
    582
    Emile van Sebille
    Nov 2, 2003
  4. Etienne Posthumus
    Replies:
    1
    Views:
    1,407
    Roger Binns
    Apr 1, 2004
  5. Simon Wittber

    {SPAM?} SQL Qeries via XMLRPC

    Simon Wittber, Aug 10, 2004, in forum: Python
    Replies:
    4
    Views:
    921
    Lawrence Oluyede
    Aug 12, 2004
  6. Chris Curvey

    xmlrpc server running behind IIS as a CGI

    Chris Curvey, May 2, 2005, in forum: Python
    Replies:
    0
    Views:
    476
    Chris Curvey
    May 2, 2005
  7. Mike MacHenry

    Simple CGI-XMLRPC failure

    Mike MacHenry, Jan 12, 2009, in forum: Python
    Replies:
    4
    Views:
    697
    Jeff McNeil
    Jan 13, 2009
  8. John Miller
    Replies:
    4
    Views:
    208
    John Miller
    Apr 5, 2007
Loading...