[geeklog-devel] Webservices API in CVS
tony at tonybibbs.com
Mon Aug 13 08:48:27 EDT 2007
FWIW, you guys may want to check into how the GL2 codebase implemented security at the WS layer.
----- Original Message ----
From: Blaine Lang <devel at portalparts.com>
To: Geeklog Development <geeklog-devel at lists.geeklog.net>
Sent: Saturday, August 11, 2007 8:08:18 PM
Subject: Re: [geeklog-devel] Webservices API in CVS
I like the generic API PLG_invokeService and agree that being generic it
can be of use.
Although, I think the full power of webservices would be seen if we did
implement security and this is how it could be implemented:
You send a "authenticate" verb with you username and password and get
back a secure oid (object id) that is like the MD5 password field now.
This is not something a hacker would easily get. Now once we have the
oid, it would be passed in as a parm for all secure calls.
RSS Feeds are great for public access data. But what if I wanted to have
remote access to secure files or forum posts. Someone could post now to
the forum as their userid. I think without security, all requests are
anonymous and I'm trying to think of where this is better then the RSS
get new privatemessages
get file (secure category)
Dirk Haun wrote:
> If you're getting a note about an undefined function:
> service_getTopicList_staticpages() in plugins/staticpages/
> services.inc.php is calling a function COM_topicArray(). Not sure where
> that's coming from - I don't have the code for such a function.
> Just comment it out or update from CVS again.
> Also, I forgot to point out that the Webservices API requires PHP 5. We
> should probably add a check for that somewhere ...
> bye, Dirk
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
More information about the geeklog-devel