Elias Torres wrote:
i'm not sure i fully understand this one. can you explain it more.
Right now when people visit my external blog from IBM's internal
server, I can see in my apache logs the entry anchor from the
referrer. This can leak information such as
"we_re_buying_chococalate_company_x". Do you know what I mean?
If I can weigh in on this, this is absolutely a major issue for us.
Ideally the URL's would be opaque in the first place, but using a global
redirector is a very good solution.
i think there are actually 2 action items here. (1) provide a good SSO
structure so that a roller admin could easily define what happens when a
user transfers from another application into roller and (2) provide a
good way for roller to be remotely administrated, possibly via secure
web services. by remotely administrated i mean ... register users,
create weblogs, reset account info, etc. we do this stuff at Sun right
now, but we've just hacked a backdoor for roller and really this should
be flushed out into a full feature.
ahhh... a nice remote interface would be awesome. so much to do, so little time.
I've been giving some thought to a Admin API that is based roughly on
the same fundamental design concepts as the Atom Publishing API. It
would be great if we could come up with a mechanism that could be
implemented across multiple blogging platforms.
- James
