[wp-hackers] PhoneBlogz - blogging by phone, testers needed!
Matthew Butt
matt at preinvent.com
Fri Jan 6 19:23:45 GMT 2006
Thanks for the input. What I was hoping to do is use the already-present
methods of posting, ie XMLRPC (why reinvent the wheel?). This makes it easy
for many reasons, but from a security point of view there are obvious
issues.
I'll probably end up providing modules for various pieces of software
(Wordpress, Drupal etc) but allow users to also use direct posting if
they're OK with the security issues. Hopefully that'll keep the majority of
people happy.
Thanks again,
Matt
_____
Has Flickr solved this problem with the way they allow 3rd parties to
authenticate against their system?
Yes, they now use a secret, token/fob system for users to grant access to
programs on a program by program basis. So, if you decided that you didn't
want a specific application to use your credentials anymore, you can deny it
access. More information can be found:
http://www.flickr.com/services/api/misc.userauth.html
However, keep in mind that since flickr is a controlled service (e.g. it is
only ever in "one" location), they can afford to use the model that they
have in place. With distributed installations of wordpress (with the
exception being wordpress.com) other logistical alternatives might need to
be looked at since keeping all authentication on many different servers
provides just as many challenges, if not more, than just having it on only
one.
Hope that helps,
Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20060106/4cc1cfb6/attachment-0001.htm
More information about the wp-hackers
mailing list