authentication for xmlrpc via cgi

Discussion in 'Python' started by qhfgva@gmail.com, Sep 22, 2005.

  1. Guest

    I'm using python 2.2 (hopefully we'll be upgrading our system to 2.3
    soon) and I'm trying to prototype some xml-rpc via cgi functionality.
    If I override the Transport class on the xmlrpclib client and add some
    random header like "Junk", then when I have my xmlrpc server log it's
    environment when running, I see the HTTP_JUNK header. If I do this
    with AUTHORIZATION, the header is not found.

    Does this ring a bell for anyone? Am I misunderstanding how to use
    this header? I'm guessing that Apache might be eating this header, but
    I don't know why.

    thanks,

    dustin
    , Sep 22, 2005
    #1
    1. Advertising

  2. writes:

    > I'm using python 2.2 (hopefully we'll be upgrading our system to 2.3
    > soon) and I'm trying to prototype some xml-rpc via cgi functionality.
    > If I override the Transport class on the xmlrpclib client and add some
    > random header like "Junk", then when I have my xmlrpc server log it's
    > environment when running, I see the HTTP_JUNK header. If I do this
    > with AUTHORIZATION, the header is not found.
    >
    > Does this ring a bell for anyone? Am I misunderstanding how to use
    > this header? I'm guessing that Apache might be eating this header, but
    > I don't know why.


    By default, Apache does eat that. It's a compile time default; the
    Apache developers think it's a security hole. Here's a note about it:

    http://httpd.apache.org/dev/apidoc/apidoc_SECURITY_HOLE_PASS_AUTHORIZATION.html

    From what I can see, this is still true in Apache 2.

    --
    |>|\/|<
    /--------------------------------------------------------------------------\
    |David M. Cooke
    |cookedm(at)physics(dot)mcmaster(dot)ca
    David M. Cooke, Sep 22, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben

    xmlrpc via local proxy

    Ben, Nov 2, 2003, in forum: Python
    Replies:
    1
    Views:
    471
    Emile van Sebille
    Nov 2, 2003
  2. Etienne Posthumus
    Replies:
    1
    Views:
    1,105
    Roger Binns
    Apr 1, 2004
  3. Simon Wittber

    {SPAM?} SQL Qeries via XMLRPC

    Simon Wittber, Aug 10, 2004, in forum: Python
    Replies:
    4
    Views:
    680
    Lawrence Oluyede
    Aug 12, 2004
  4. Chris Curvey

    xmlrpc server running behind IIS as a CGI

    Chris Curvey, May 2, 2005, in forum: Python
    Replies:
    0
    Views:
    351
    Chris Curvey
    May 2, 2005
  5. Mike MacHenry

    Simple CGI-XMLRPC failure

    Mike MacHenry, Jan 12, 2009, in forum: Python
    Replies:
    4
    Views:
    581
    Jeff McNeil
    Jan 13, 2009
Loading...

Share This Page