Background
==========

A substantial effort has been made to eliminate buffer overflows and other
bugs in the XML-RPC core (please see the file TESTING for details).
However, this code has not yet been extensively audited by third parties.

Also, no attempt has been made to locate or fix security problems with any
of the external libraries (expat, libwww and Abyss). In particular, Abyss
is prerelease software, and may contain buffer overflows or other major
security problems.

If you're extremely security-conscious, you may want to carefully audit the
XML-RPC core, and supply your own HTTP code.


Security Advisories
===================

Security advisories related to xmlrpc-c will normally be posted to
xmlrpc-c-announce and xmlrpc-c-devel.  You can subscribe to either or both
mailing lists using the web:

  http://xmlrpc-c.sourceforge.net/lists.php

We also plan to add a section to the website listing all security
advisories and their current status.


XML-RPC Security
================

In addition, there are some security issues inherent in XML-RPC:

  1) All XML-RPC calls are sent over the network unencrypted. This means
     that they can be viewed with standard packet-sniffing and network
     administration tools.

     This is especially dangerous because XML-RPC is a stateless protocol.
     If you include reusable authentication tokens in an XML-RPC call, they
     can probably be sniffed and used by attackers.

     You can solve this problem by using SSL.  Recent versions of xmlrpc-c
     should support SSL, but it's still hard to set up.

  2) The is no security built into XML-RPC by default--any client can call
     any function on any visible server. It is the server's responsibility
     to determine which calls are authorized. Most programmers lack the
     knowledge to write serious security software, and may make mistakes
     in their authentication routines.

  3) XML-RPC is a complex protocol based on complex data structures. Lots
     of potentially buggy code gets run between the time network data is
     received, and the time it is understood.
