Well, 'need to' would be a more subjective answer :) but the requirement
is that it be a Services 2.x service (thus, since I've given up on REST
for the time, xmlrpc), which means post. I'm not so concerned about the
curl in terms of verbosity...I'm only using it to test the service,
well, -try- to test the service. At the moment, I'm stuck on the proper
way to format the post request in curl when no authentication will be used.
On 03/05/2011 07:31 AM, António P. P. Almeida wrote:
Does it really need to be a POST? If not then a mere hook_menu that
takes arguments might fit the bill.
It all depends on exactly what you're trying to do and what level of
security it's required.
It's true that a GET can be considered insecure. But you can secure it
using:
1. Access control based on IP address at the server and/or PHP/Drupal
level. Please have your
2. Encrypt the arguments in the URI and decrypt in the server or page
callback.
3. Use authentication, be it Basic or Digest.
4. Run the all shebang over TLS.
a) If you use a self-signed cert no endpoint trust is ensured and
one of the main design features of TLS is defeated. It only
raises a little bit the bar against traffic sniffing.
b) With a proper cert issued by a recognized CA (the most secure
setup, with level of security depending on key length and cypher
suite chosen).
This might be a slightly OT rant, but perhaps it points you to a
easier way to achieve your purpose.
Also there are much less verbose ways to do HTTP on PHP than cURL,
e.g.:
http://pecl.php.net/package/pecl_http
http://stackoverflow.com/questions/2075570/php-pecl-http-vs-curl-extension
HTH,
--- appa
