[nycphp-talk] Authentication with XML-RPC

max goldberg max.goldberg at
Thu Jun 10 13:47:33 EDT 2004

Roughly a year and half ago I was tasked with designing somewhat of a
"data warehouse" for a liquor company. What they wanted was a
centralized location for all customer data, survey information, and
user accounting. This was done for a couple of reasons, foremost they
wanted customer information in a standard format. They were having to
pay people to write custom reporting tools each time they wanted to
get statistics for a different site. Secondly, it meant that credit
card numbers and other private information wouldn't be stored all over
the place, with various companies.

Granted I only designed the project and it was then handed off to
another company to build it (insert spite here), but I did build a
prototype. After deciding on XML-RPC for the data transactions,
authentication was also an area of interest to me.

The remote web servers would connect when getting a piece of customer
information such as an address, or when a user would try to log into a

It followed a path similar to this:

Web server connects to data warehouse.
Web server authenticates with data warehouse.
-Data warehouse figures out what this web server has access to do.
Web server requests data or authenticates a user.
Data warehouse gives data or user permissions.

I was using shared memory to keep track of sessions, but most of the
time I just had curl open up a persistent connection and made sort of
a daemon on the other side.

A few things I tried:

Basic HTTP authentication
Challenge based authentication.
mod_ssl requiring client certificates.

What I found is that when the remote servers are on reasonably fast,
low latency connections, any of the above combined with SSL is secure
and easy enough for basic authentication. When testing prototypes it
was fast enough that a user definitely wouldn't notice, surprisingly.

I hope that helps, you may also want to look into:

although I never have.

If you are still scratching your head after playing around with this
for a while, I may be able to dig up some examples from my prototype
for you.


On Thu, 10 Jun 2004 12:27:55 -0400 (EDT), Adam Maccabee Trachtenberg
<adam at> wrote:
> On Thu, 10 Jun 2004, Jayesh Sheth wrote:
> > I recently bought the Essential PHP Tools book by David Sklar, and I
> > must say that I found it to be excellent.
> As a biased observer, if you like (or even dislike) a computer book a
> great way to help (or punish) the author is to write a review for
> Amazon.Com.
> It doesn't need to be long and fancy; even a short review that's to
> the point and highlights why the book is (or isn't) helpful is
> great and can help boost sales.
> If you're a big fan, consider submitting a book review to
> slashdot. It's a good way to get your name out and help the author at
> the same time. :)
> -adam
> --
> adam at
> author of o'reilly's php cookbook
> avoid the holiday rush, buy your copy today!
> _______________________________________________
> talk mailing list
> talk at

More information about the talk mailing list