-- Randal L. Schwartz, Perl hacker

OK, I'm guessing that I'm missing something here....

The Frontier::RPC2 module (more specifically, Frontier::Daemon) includes a simple webserver (using HTTP::Daemon) which, as far as I can tell doesn't support SSL.

For those not familiar with the Frontier::RPC2 modulles, the same command that converts the data into XML, also sends it out.. likewise, at the other end, the same process that takes the data in, also gets it out of XML, so it can be used.

So, based on this, I don't see how Merlyns suggestion works..... (I'm guessing that it doesn't, but as I have far more respect for merlyns knowledge than my own, I'd not be surprised to be proven wrong here....)

My guess, having thought further on this, (and based on the assumption that merlyns suggestion is somehow, not workable) is that to get what I want, I'll have to make alterations/additions to the Frontier::??? modules, so they support some sort of encryption of the XML data objects.

Of course, a more detailed explanation of merlyns answer would suit me down to the ground, if anyone feels like using small enough words...... *grin*

Malach

OK, I am going to try unpack-ing merlyn's word. Just understand that I have not used XML::RPC yet, nor Crypt::SSLeay so I haven't tested anything. I hope you do and report back ;--)

On the client side Frontier::Client relies on LWP::UserAgent to post the XML RPC. Crypt-SSLeay allows you to switch the regular POST to an encrypted one:

# straight from the synopsys
  use LWP::UserAgent;
  my $ua = new LWP::UserAgent;
  my $req = new HTTP::Request('GET', 'https://www.nodeworks.com');
  my $res = $ua->request($req);
  print $res->code."\n";
[download]

So on the client side things should be OK, as merlyn saidyou should just have to install Crypt::SSLeay and then use an https://... as the url parameter for Frontier::Client->new.

Now on the server side things seem a little more complex. Once again I am not really familiar with the problem but here is my take: I am afraid you might have to modify some modules.

A Frontier::Daemon is an HTTP::Daemon, which does not seem to support HTTPS, but which in turn is a IO::Socket::INET, and there I found the IO::Socket::SSL module which covers most of the IO::Socket API, hopefully enough, I haven't tested it, to be used by HTTP::Daemon.

So I would think the easiest method for you would be first to wait for the opinion of monks more versed than me in the dark arts of SSL and networking in general than me, then to contact the author of HTTP::Daemon (Gisle AAs) and check whether any one as implemented HTTPS using his module, and if not to go for it, using IO::Socket::SSL, then send a patch to Gisle and probably to Ken McLeod as I expect some changes to Frontier::Daemon too. You will also earn the respect and gratitude from developers around the world! Good luck.