Re: Re: Nusoap-general digest, Vol 1 #871 - 3 msgs

This does put the username and password in the source code.  Anyone who can 
obtain the source will then know how to authenticate.  Over the wire, the 
username and password are encrypted within the SSL tunnel.

Scott Nichol

Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message ----- 
From: <Russell.Reynolds@xxxxxxxxx>
To: <nusoap-general@xxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, April 08, 2005 12:38 PM
Subject: [Nusoap-general] Re: Nusoap-general digest, Vol 1 #871 - 3 msgs


> I could be mistaken, but don't you defeat the purpose of SSL when you put 
> username/password info in GET request?
> 
> soapclient("
> https://$proxyusername:$proxypassword@xxxxxxxxxxxx/SOAPSERVER.php?wsdl
> ",true);
> 
> And if so, does
> $client->setCredentials($proxyusername,$proxypassword);
> 
> set the client up to POST them instead of GET them?
> 
> Thanks.
> 
> 
> 
> -----------------------------
> 
> POST the username password
> 
> Message: 3
> From: "I l" <isster@xxxxxxxxxxx>
> To: Nusoap-general@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Nusoap-general] User Authentication
> Date: Thu, 07 Apr 2005 18:57:39 +0000
> 
> Ok, I figured out how to do authentication on apache.
> 
> You first modify your apache http.conf file to include this directive (you 
> 
> can also use .htaccess file):
> 
> <Location /SOAPSERVER.php>
>     AuthType Basic
>     AuthName "SOAP Access"
>     AuthUserFile /etc/httpd/conf/passwd/passwords
>     require valid-user
> </Location>
> 
> where SOAPSERVER.php is your soap server you want to protect and require 
> authentication.
> 
> "AuthUserFile" is the passowrd file that contains all the users and 
> passwords on apache. (you must use "htpasswd" to create this file)
> 
> "require valid-user"-means that the only people allowed to access your 
> SOAPSERVER.php are in passwords file.
> 
> Then on the client side, espcially if your website uses https, you would 
> write
> 
> 
> $proxyusername = 'mike';
> $proxypassword = 'pass2342';
> 
> $client = new 
> soapclient("
> https://$proxyusername:$proxypassword@xxxxxxxxxxxx/SOAPSERVER.php?wsdl
> ",true);
> $client->setCredentials($proxyusername,$proxypassword);
> 
> The above information is incomplete, but should at least get you started. 
> Use these links to help:
> 
> http://httpd.apache.org/docs-2.0/howto/auth.html
> http://www.serviceobjects.com/forum/display_topic_threads.asp?ForumID=12&TopicID=58&PagePosition=1


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click