[wp-trac] Re: [WordPress Trac] #7157: Disable APP and XMLRPC
publishing by default
WordPress Trac
wp-trac at lists.automattic.com
Sat Jun 21 14:43:32 GMT 2008
#7157: Disable APP and XMLRPC publishing by default
-------------------------+--------------------------------------------------
Reporter: westi | Owner: westi
Type: enhancement | Status: new
Priority: high | Milestone: 2.6
Component: Security | Version: 2.6
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+--------------------------------------------------
Comment (by redsweater):
Great points UseShots. I think you're right about the "deciding later" to
use a remote client. All in all I think this change will be disappointing
for remote editors, and their users, but I like your idea about at least
providing a meaningful way of detecting this condition.
One of the major nuisances with Movable Type is that users are required to
know about and then use a separate "web services" password. It would help
a lot in their case if they just arranged for the authentication failure
to explain what might be going wrong.
Is it at all worth considering a "secured mode" xmlrpc.php and app.php,
that just returns an error stating that the user has not enabled access?
--
Ticket URL: <http://trac.wordpress.org/ticket/7157#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list