[nycphp-talk] Secure (XML-RPC) connection
Mitch Pirtle
mitchy at spacemonkeylabs.com
Wed Mar 24 10:12:21 EST 2004
Matthew Terenzio wrote:
> I curious to see what others say, because I've never done this,
> exactly. It sounds like a typical web service, but I'm not sure why it
> is needed to be done this way. With proper precaution, can't the web
> server just interact directly with the database through an SSL?
That's the first thing I do with a fresh PostgreSQL installation, at
least if the webservers are on separate hardware :)
Another alarming phenomenon I have observed is the everything-or-nothing
approach, where the whole shebang is either completely in the open, or
they encrypt everything - even stuff that is then public on the website...
For XML-RPC I've only seen the SSL approach, is there a better practice
for stuff like this?
-- Mitch
More information about the talk
mailing list