[wp-hackers] Wordpress User Authentication
Joseph Scott
joseph at randomnetworks.com
Fri Jun 18 23:15:40 UTC 2004
On Jun 18, 2004, at 3:45 PM, Simon Willison wrote:
> On Fri, 18 Jun 2004 16:04:27 -0500, Alex <nessence at gmail.com> wrote:
>> I think we hit on two things
>>
>> a) Being able to authenticate using a non-WP-specific interface (eg,
>> LDAP, another site, etc)
>>
>> b) Being able to use WP as a secure mechanism of authentication for an
>> external system. For example, a script which is to large to be a WP
>> plugin, but may want to use WP as a means of authentication and which
>> is WP-centric.
>>
>> derivative of b):
>> c) Foreign API access (with the ability to do more than just check
>> authentication, and is secure)
>
> I'd just like to note that for me, pluggable authentication would be
> an absolutely killer feature. I've lost count of the number of times
>
> added authentication against WordPress. Of course, it's possible to do
> this right now by running queries directly against the WordPress user
> database table but it would be far neater using API functions.
>
> I'm sure these functions already exist, but expressly documenting them
> as "stable" for other apps to authenticate against would be a huge
> boost.
So perhaps the approach should be plugin approach to WP
authentication, along with something like an XML-RPC authentication API
for other 'systems' to authenticate using WP (which in turn uses
whatever plugin has been setup). If you wanted to enforce more
security only allow XML-RPC auth requests that come in via https.
--
Joseph Scott
http://joseph.randomnetworks.com/
More information about the hackers
mailing list