[wp-hackers] PhoneBlogz - blogging by phone, testers needed!

Owen Winkler ringmaster at midnightcircus.com
Fri Jan 6 22:24:46 GMT 2006


Matthew Butt wrote:
> Thanks for the input.  What I was hoping to do is use the 
> already-present methods of posting, ie XMLRPC (why reinvent the 
> wheel?).  This makes it easy for many reasons, but from a security point 
> of view there are obvious issues.
> 
> I’ll probably end up providing modules for various pieces of software 
> (Wordpress, Drupal etc) but allow users to also use direct posting if 
> they’re OK with the security issues.  Hopefully that’ll keep the 
> majority of people happy.

Your situation is not uncommon.  I already use audioblogger.com to do 
exactly what your service does.  It uses XMLRPC to post to blogs, too.

Flickr doesn't use the method previously described when it posts to 
WordPress sites - it, too, uses XMLRPC.

In fact, implmenting XMLRPC posting is a best bet, since WordPress' 
support for XMLRPC is mostly mimicking what other blog tools already do 
with the Metaweblog API and similar protocols.  It's not a bad bet that 
you'd be able to most to MT using XMLRPC set up almost exactly like it 
is for WordPress (with the minor exception of the blog id).

For users who are concerned over security, you can easily create a new 
user on your site with its own password and grant it only draft-writing 
permissions or authoring permissions.  This can be done in either WP 
1.5.2 or 2.0.

The login will be ineffective for doing anything but writing new posts. 
  Anyone who blogs enough to want to call their blog is probably going 
to notice if a service does the one bad thing that it could do with that 
level of permissions and starts posting willy-nilly.

Owen



More information about the wp-hackers mailing list