Re: [Semanticscuttle-devel] privatekey implementation (Was: Git on sourceforge filled / release tas
From: Christian W. <cw...@cw...> - 2011-01-23 09:32:45
Hi Mark,

> Thanks for the reply Christian. Question about something you added
> to the Feature Request about giving them partial access if
> authenticated via the private key. My thought is to give them full
> access but put some code in the authentication method with maxtries
> or something to thwart hacks. I could go either way on this, so let
> me know what you think.

The user is either allowed to use the api or not - I would not differentiate between "partially authenticated" and normal users. That would lead to code that is hard to read and hard to understand.

I thought that partial access would suffice here because the key is currently only needed for the feed. It should not be used with the API, because the api should be used as it exists now (with http authentication over a secure line).

The private feed will often be used without ssl (because people often do not know how to set that up), and can easily be sniffed or get lost. That's why we need an easy way to change it.

So for starters, allow the key on the feed only. If that works well and people just want to have it elsewhere, we can always implement that.

--
Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-
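
The scoping argued for in the message above, as an added example that is not part of the original e-mail and not SemanticScuttle's code: the private key is honoured on the feed only, the API still requires the existing HTTP authentication, and rotating the key invalidates a sniffed feed URL. All function names, the `$users` array and the endpoint labels are hypothetical.

```php
<?php
// Added illustration; every name below is hypothetical, not SemanticScuttle's API.

// Constructed sample user store: username => stored private key.
$users = ['mark' => ['privatekey' => bin2hex(random_bytes(16))]];

/** Generate a fresh key; replacing the old one invalidates any leaked feed URL. */
function rotatePrivateKey(array &$users, string $name): string
{
    $users[$name]['privatekey'] = bin2hex(random_bytes(16));
    return $users[$name]['privatekey'];
}

/**
 * Decide whether a request is allowed. The answer is a plain yes/no:
 * there is no "partially authenticated" user state to carry around.
 * $endpoint is 'feed' or 'api'; $httpAuthOk is the result of the
 * existing HTTP authentication, computed by the caller.
 */
function isAllowed(array $users, string $endpoint, string $name,
                   ?string $presentedKey, bool $httpAuthOk): bool
{
    if ($httpAuthOk) {
        return true;   // normal login keeps working everywhere, as it does now
    }
    if ($endpoint !== 'feed' || $presentedKey === null || !isset($users[$name])) {
        return false;  // the key is never accepted outside the feed
    }
    // Constant-time comparison so response timing does not leak key bytes.
    return hash_equals($users[$name]['privatekey'], $presentedKey);
}

$key = $users['mark']['privatekey'];
var_dump(isAllowed($users, 'feed', 'mark', $key, false)); // case: feed request with key
var_dump(isAllowed($users, 'api', 'mark', $key, false));  // case: API request with key only
$new = rotatePrivateKey($users, 'mark');
var_dump(isAllowed($users, 'feed', 'mark', $key, false)); // case: old key after rotation
var_dump(isAllowed($users, 'feed', 'mark', $new, false)); // case: new key after rotation
```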