You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@ws.apache.org by Manolis Mavrikis <ma...@maths.ed.ac.uk> on 2003/03/05 12:30:51 UTC

security issues with XmlRpcServer

Guys,

 our cautious support people here in the department are nagging about allowing
me to open an XMLRPC socket to public access, but this is really necessery for
people using my educational software from their home instead of being in our domain.

 Do you know any security issues-hacks that could do any harm so as I can
convince him to let me open the d*** port.

 Thanks in advance


Manolis

ps. supportive links, documentation would be more than welcome

Re: security issues with XmlRpcServer

Posted by Martin Redington <m....@ucl.ac.uk>.

well, YMMV, but you could use authentication, so that a uname/password 
combination is required, via the AuthenticatedXmlRpcHandler class.

You could also use SSL (the easiest way being to set up SSL in tomcat, 
if you're using that to host the service).

On Wednesday, March 5, 2003, at 11:30 AM, Manolis Mavrikis wrote:

> Guys,
>
>  our cautious support people here in the department are nagging about 
> allowing
> me to open an XMLRPC socket to public access, but this is really 
> necessery for
> people using my educational software from their home instead of being 
> in our domain.
>
>  Do you know any security issues-hacks that could do any harm so as I 
> can
> convince him to let me open the d*** port.
>
>  Thanks in advance
>
>
> Manolis
>
> ps. supportive links, documentation would be more than welcome
>