Home >  Archive >  2010 >  July >  10


 

Previous / Next

Saving Outlines

By Marc Barrot on Saturday, July 10, 2010 at 8:39 AM.

So I've taken a first look at scripting2.root.  Permanent link to this item in the archive.

Locating scripting2Suite.editor.save is easy. Permanent link to this item in the archive.

Saving to the scripting2 server seems very easy as well: provided we have the outline in OPML format, and that its first summit has the proper scripting2 specific attributes (which it would have if we loaded it from scripting2 in the first place), all we need is to invoke the scripting2.savePost method on the scripting2 XMLRPC server, passing the username and password along with the OPML text. Permanent link to this item in the archive.

Assuming we are performing the save outside the scripting2 tool, this raises a few questions: Permanent link to this item in the archive.

1/ How do we get the host name and root url of the XML-RPC server responsible for publishing the OPML ? Permanent link to this item in the archive.

Within the tool, it is a preference in scripting2Data.editor.prefs.server. Permanent link to this item in the archive.

I understand that for now there is only one edit.scripting2.com/RPC2. Permanent link to this item in the archive.

But hopefully, this will change as others start deploying the tool, possibly in EC2 AMIs. Permanent link to this item in the archive.

So, when we grab the published page's source OPML with a bookmarklet, we need a way to identify which server is responsible for its publication. Permanent link to this item in the archive.

It could be an additional optional attribute in the outline's first node. I haven't noticed anything at this point in the outlines that were saved to iJot. Permanent link to this item in the archive.

The rule could be: the 'xmlrpcserver' attribute identifies where to send save commands if present, otherwise the 'default' value of xmlrpc://edit.scripting2.com/RPC2 is assumed by the 'foreign' code. Permanent link to this item in the archive.

2/ Now for something trickier: how do we manage authentication from an external system ? Permanent link to this item in the archive.

scripting2Data.editor.prefs.username and scripting2Data.editor.prefs.password are part of the tool. Permanent link to this item in the archive.

They are also registered in the copy of the tool responsible for the online rendering, probably in scripting2Data.server.users. Permanent link to this item in the archive.

What we need is a more or less secure way of authenticating a user with the online tool from an external system. Permanent link to this item in the archive.

Dave, do you have anything in mind for an authentication API ? Have you already baked something, or do you want me to code one for you (I would need to ask a few more questions :-) ? Permanent link to this item in the archive.

Should we use a Web 'standard', such as some version of openID or something ? Permanent link to this item in the archive.

Well, on second thoughts, there is no point since the current savePost method requires the transmission of username and password in the clear, Permanent link to this item in the archive.

So the external tool may just prompt for a username and password, then send the savePost call along, and just display an error code if authentication fails when processing the request. Very un-secure, but also very workable :-) Permanent link to this item in the archive.

I do not think security is a top concern when bootstrapping. We will have time to work out something token based later if users clamor for it. Permanent link to this item in the archive.




  
About the author

Contact me

My sites

Recent stories

Calendar

July 2010
Sun
Mon
Tue
Wed
Thu
Fri
Sat
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

Jun   Aug

To-do

Done


A picture named xmlMini.gif


© Copyright 2010 Marc Barrot. Last update: Saturday, July 10, 2010 at 2:25 PM Eastern. Last build: 7/29/2010; 6:11:17 PM. "It sure is worse than it appears" RSS feed for Scripting2 Reverse Engineering


Previous / Next