On 2/8/02 6:39 PM, "Seth Dillingham" <
seth@macrobyte.net> is rumored to have
written:
>
http://www.truerwords.net/1643
> --------------------------------------------------
>
> On 2/8/02, Clark Venable said:
>
>> Is there a way to keep the xmlrpc call (which includes a password)
>> from prying eyes? Can it be tunneled somehow?
>
> Well, I'm not sure who would see the call.
>
> In radio, this is a script that would be sitting on your machine, and
> would be run before the page is uplaoded to the "cloud" or wherever your
> site lives. The result of the script would be in the web page, not the
> script itself: in other words, nobody sees your password.
But before your workstation can render the page with the included script
result (not the script), doesn't the workstation have to communicate with
the server to get the result, and isn't that password sent in the clear?
>
> In fact, the only time I think anybody would see the password is when
> you're intentionally sharing copies of your script. In that case,
> you have to be careful to remove your password before sharing the script
> with anyone... but that's true whenever you share a script.
>
> It's possible that I don't understand the specific situation you're
> thinking about. :-)
What I'm thinking of is that in health care, privacy regulations are coming
online soon that are very specific with regards to encryptions of patient
information (that's the extent of my understanding).
>
> Seth
>
>
