[geeklog-devel] About the "internal" and Webservices APIs

Dirk Haun dirk at haun-online.de
Sat Aug 11 04:22:34 EDT 2007


Joe Mucchiello wrote:

>$ret = PLG_invokeService('myplugin',$mode, $A, $display, $error);

For the (end-user visble) index.php, I would assume that you'd only
allow the 'get' verb here.


>Getting back to security, does the webservice API do any scrubbing 
>before calling the PLG_invokeService call?

No. Security is effectively done behind the PLG_invokeService call, in
the plugin. The webservices API doesn't know anything about the plugin's
idea of security - and how could it?

I would assume it's doing some scrubbing but only as far as the protocol
(e.g. Atompub) is concerned.

bye, Dirk


-- 
Geeklog Day at FrOSCon: August 25, 2007 - See you there!
http://www.geeklog.net/article.php/geeklog-day-at-froscon




More information about the geeklog-devel mailing list