On Wed, 2005-10-05 at 20:15, James M Snell wrote: > Elias Torres wrote: > > > > >>i'm not sure i fully understand this one. can you explain it more. > >> > >> > > > >Right now when people visit my external blog from IBM's internal > >server, I can see in my apache logs the entry anchor from the > >referrer. This can leak information such as > >"we_re_buying_chococalate_company_x". Do you know what I mean? > > > > > > > If I can weigh in on this, this is absolutely a major issue for us. > Ideally the URL's would be opaque in the first place, but using a global > redirector is a very good solution.
I see what you guys are talking about, but for some reason I don't see this as being such a big deal. I suppose it's not too nice if someone posts an entry called "i hate microsoft" along with links to microsoft sites, in that case the referers in the logs on the microsoft site would be something like "myserver.com/roller/page/foo?entry=i_hate_microsoft". the only thing i see potentially worth concealing in that url is the actual anchor, and you could conceal that by using the entryid rather than anchor, which is something i think we should make possible anyways. what else would need to be changed? -- Allen > > >>i think there are actually 2 action items here. (1) provide a good SSO > >>structure so that a roller admin could easily define what happens when a > >>user transfers from another application into roller and (2) provide a > >>good way for roller to be remotely administrated, possibly via secure > >>web services. by remotely administrated i mean ... register users, > >>create weblogs, reset account info, etc. we do this stuff at Sun right > >>now, but we've just hacked a backdoor for roller and really this should > >>be flushed out into a full feature. > >> > >> > > > >ahhh... a nice remote interface would be awesome. so much to do, so little > >time. > > > > > > > I've been giving some thought to a Admin API that is based roughly on > the same fundamental design concepts as the Atom Publishing API. It > would be great if we could come up with a mechanism that could be > implemented across multiple blogging platforms. > > - James
