[geeklog-devel] About the "internal" and Webservices APIs
dirk at haun-online.de
Sat Aug 11 04:22:34 EDT 2007
Joe Mucchiello wrote:
>$ret = PLG_invokeService('myplugin',$mode, $A, $display, $error);
For the (end-user visble) index.php, I would assume that you'd only
allow the 'get' verb here.
>Getting back to security, does the webservice API do any scrubbing
>before calling the PLG_invokeService call?
No. Security is effectively done behind the PLG_invokeService call, in
the plugin. The webservices API doesn't know anything about the plugin's
idea of security - and how could it?
I would assume it's doing some scrubbing but only as far as the protocol
(e.g. Atompub) is concerned.
Geeklog Day at FrOSCon: August 25, 2007 - See you there!
More information about the geeklog-devel