Yay.. it works
One tech talk by jace + 2 sleepless nights + ditching all other work = XML-RPC Interface to one of auth servers that I maintain. Now clients/people/programs can auth users, fetch user credentials, even fetch cookies using various methods on this server. ( this is the same server with apache + mod_perl + mysql , with 449 days uptime as of today ).
If you ever wanna try xml-rpc in perl, remember to use Frontier::RPC2 and
How exactly are you managing this?
Does it return a token which you check or it just returns a valid session/user ID?
Also how are you doing the subsequent transactions – or the transactions are discrete?
how exactly are you managing this?
ScriptAlias /RPC2 , read(STDIN, $buffer, $ENV{“CONTENT_LENGTH”});, invoke the method, serve the results back in XML.
Does it return a token which you check or it just returns a valid session/user ID?
authserver.authUser(username,passwd) returns 1/0. Ofcourse I take care of sessions on the server end. Like lockouts, bad attempts etc.
Also how are you doing the subsequent transactions – or the transactions are discrete?
Did not understand your Q 🙂
authserver.authUser(username,passwd) returns 1/0
Isn’t this dicey for auth? or it serves your purpose
ref to our chat a few days back… It should be a md5 string or public key / 0
Did not understand your Q 🙂
Most probably you are doing discretetransactions. It is something like once you have auth’ed against the server you need not send the username/passwd again in subsequent transaction till you close the session (by RPC to logout) OR it expires. you just pass the ID which you get when you auth against the server.
authserver.authUser(username,passwd) returns 1/0
Isn’t this dicey for auth? or it serves your purpose
ref to our chat a few days back… It should be a md5 string or public key / 0
Not really. there is IP based restriction , there is a client ID ( signed hopefully ) , its over https.
The thing is going to be used by some windows based clients… and they will be maintaining their own session. While I maintian my own session on the server end. The clients still dont talk xml-rpc, I just put it on the server side. Need to sit and fig out what exactly the clients need. and yep, forgot to mention md5.
Most probably you are doing discretetransactions. It is something like once you have auth’ed against the server you need not send the username/passwd again in subsequent transaction till you close the session (by RPC to logout) OR it expires. you just pass the ID which you get when you auth against the server.
Its gonna be done by a token. Need to work this out, but something like the cookies