Hi,I've been setting up xmlrpc and the sync plugin for my personal website, so that I can maintain a local version on my laptop which I can sync up to the web when I'm finished editing. The plugin looks like being very useful, but I need to know about the security issues of using xmlrpc over http.
My webspace provider charges extra for https access, so I would like to avoid using this, but I am concerned that according to the xmlrpc docs, it is a security risk to use this over http. (At the moment I am enabling xmlrpc while doing a sync and then disabling it afterwards, but it would be nice to be able to leave it open.)
Could you let me know a bit more about what the risks are; for example how much more of a risk is it to use xmlrpc over http than just to do a standard site login over http?
Thanks, andy baxter http://highfellow.org -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist