[Sorry, I previously replied to Diez offlist, and probably to a spam-protected address at that. Here's that reply and my followup after reading up on pyro ] On Sat, 12 Mar 2005 11:08:31 -0600, Michael Urman <[EMAIL PROTECTED]> wrote: > On Sat, 12 Mar 2005 14:12:21 +0100, Diez B. Roggisch <[EMAIL PROTECTED]> > wrote: > > This might not be the answer you want, but I'd personally ditch xmlrpc and > > switch to something like pyro or even corba and implement a "real" > > authentication theme. > > I don't have a problem with switching interfaces so long as I can keep > my (admittedly useless) feature of multiple simultaneous connections. > I am hoping to avoid writing an authentication method, as some slight > missteps there could lead to real trouble later; this is why I was > hoping to do unix-domain socket transports which I could just set to > read-write only by the owner on the filesystem itself. > > > With corba/pyro, authenticate would return an object that implicitely has > > all the state needed - nameley who created the connection - and then you > > don't have to bother about that anymore. > > If I can get the authentication that I'm looking for that cheaply, > then this does indeed sound like the way for me to go. I'm not worried > about supporting remote connections, or anything of that nature, so > local identity is sufficient. I'll look into pyro; conveniently > there's a debian package for me to try. > > Thanks Diez! > -m >
Hmm. On inspection, pyro seems to be really heavy, what with its requirement of a pyro-nameserver, and using TCP as the transport. I think I'd still prefer convincing a variant of SimpleXMLRPCServer and xmlrpclib.ServerProxy to use unix domain sockets and using filesystem security to limit access to the owner. Thanks again, -m -- http://mail.python.org/mailman/listinfo/python-list
