Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<blockquote> <p><em>...I'm using the code below but still getting an authentication failure</em></p> </blockquote> <p>Double-check that the remote webserver is accepting HTTP Basic Authentication for the resource <code>/xmlrpc.php</code>, and that it further accepts your <code>@username</code> and <code>@password</code>.</p> <p>Per the <a href="http://www.fantasy-coders.de/ruby/xmlrpc4r/client.html" rel="nofollow noreferrer">docs</a>, your XMLRPC incantation for an RPC <code>client.call("bwizzy")</code> will generate something with Basic Auth like this:</p> <pre><code>POST /xmlrpc.php HTTP/1.1 User-Agent: XMLRPC::Client (Ruby 1.9.1) Content-Type: text/xml; charset=utf-8 Content-Length: 88 Connection: keep-alive Authorization: Basic c3RhY2s6b3ZlcmZsb3c= Accept: */* Host: localhost &lt;?xml version="1.0"&gt;&lt;methodCall&gt;&lt;methodName&gt;bwizzy&lt;/methodName&gt;&lt;/params&gt;&lt;/methodCall&gt; </code></pre> <p>(Please don't complain to me about the order of those headers -- that's what I see on the wire! :))</p> <p>Now, XML-RPC does not itself provide for authentication, so you have a few general options:</p> <ol> <li><p>Use typical "web auth" techniques<br/> HTTP Authorization schemes, like you are currently using. Trusted client-side certs. Cookie authentication tokens. Etc.<br/> Typical web auth techniques carry common risks, however. Poke around SO for more guidance here.</p></li> <li><p>Extend the RPC functions to support user-defined auth<br/> For example, the RPC call <code>bwizzy</code> might take a username and password as arguments.<br/> Or a login RPC function might generate a time-limited token to be used as a Cookie.<br/> This approach is invasive -- now your RPC calls have to be auth-aware -- and error-prone -- now you have to implement auth yourself.</p></li> <li><p>Extend XML-RPC itself<br/> The XML RPC calls could be themselves signed or signed and encrypted, for example, ala SOAP's <a href="http://www.w3.org/TR/SOAP-dsig/" rel="nofollow noreferrer">digital signatures</a></p></li> </ol>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload