Hi David, Please report a bug on bugs.php.net (assign it to dmitry). I'll look into it later. Thanks. Dmitry. David Zülke wrote: > This sounds like a serious issue, but I'm not sure if it's in libxml or > in ext/soap. Will have a look later; but maybe Dmitry or someone else > knows off the top of their heads? > > - David > > > Begin forwarded message: > >> From: Davide Romanini <davide.romanini@gmail.com> >> Date: 30. Juni 2009 11:49:30 MESZ >> To: soap@lists.php.net >> Subject: SOAPClient authentication problem >> Reply-To: d.romanini@cineca.it >> >> Hi, >> >> Today I found a nasty problem with a simple php SOAP client. Never had >> problems before, but today I have the following error at SOAPClient >> constructor line: >> >> SoapClient::SoapClient(http://www.w3.org/2001/xml.xsd): failed to open >> stream: HTTP request failed! HTTP/1.1 401 Authorization Required >> >> The source is as simple as: >> >> $client = new SoapClient("http://my.host.com/my_web_service?wsdl", >> array( 'trace' => TRUE, >> 'login'=>'mylogin', >> 'password'=>'secret' >> ) >> ); >> >> It seems that the php xml parser tries to fetch the url >> http://www.w3.org/2001/xml.xsd at wsdl parsing time. Sniffing the >> network operations I found that php uses my login and password (for the >> web service) also to access external references! :-O >> >> GET /2001/xml.xsd HTTP/1.0 >> Authorization: Basic bXlsb2dpbjpzZWNyZXQ= >> Host: www.w3.org >> >> In the past probably w3.org just ignored the issue, but now I receive an >> HTTP 401 Unauthorized error in response... >> >> In any case it is a serious security issue if SOAPClient sends password >> around the web, when the intent is that they are used only for the web >> service host! >> >> I tried the following PHP versions: >> >> PHP 5.2.3-1ubuntu6.5 (cli) (built: Feb 11 2009 19:55:53) >> Copyright (c) 1997-2007 The PHP Group >> Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies >> >> PHP 5.2.8 (cli) (built: Dec 17 2008 00:54:27) >> Copyright (c) 1997-2008 The PHP Group >> Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies >> with Zend Extension Manager v1.0.11, Copyright (c) 2003-2006, by >> Zend Technologies >> with Zend Optimizer v3.2.0, Copyright (c) 1998-2006, by Zend >> Technologies >> with Zend Debugger v5.2.2, Copyright (c) 1999-2006, by Zend >> Technologies >> >> >> Regards, >> Davide >> >> -- >> PHP Soap Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > -- PHP Soap Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php