On 10/6/05, Allen Gilliland <[EMAIL PROTECTED]> wrote:
> On Wed, 2005-10-05 at 20:15, James M Snell wrote:
> > Elias Torres wrote:
> >
> > >
> > >>i'm not sure i fully understand this one. can you explain it more.
> > >>
> > >>
> > >
> > >Right now when people visit my external blog from IBM's internal
> > >server, I can see in my apache logs the entry anchor from the
> > >referrer. This can leak information such as
> > >"we_re_buying_chococalate_company_x". Do you know what I mean?
> > >
> > >
> > >
> > If I can weigh in on this, this is absolutely a major issue for us.
> > Ideally the URL's would be opaque in the first place, but using a global
> > redirector is a very good solution.
>
> I see what you guys are talking about, but for some reason I don't see this
> as being such a big deal. I suppose it's not too nice if someone posts an
> entry called "i hate microsoft" along with links to microsoft sites, in that
> case the referers in the logs on the microsoft site would be something like
> "myserver.com/roller/page/foo?entry=i_hate_microsoft".

Remember that not everyone blogging is really technical or blog savvy. We have the responsibility, as a company, to protect our employees.

>
> the only thing i see potentially worth concealing in that url is the actual
> anchor, and you could conceal that by using the entryid rather than anchor,
> which is something i think we should make possible anyways.

Yes, entryid could be used, but then we have userids. Also, if we use entryids we lose the advantages of using a nice readable anchor.

>
> what else would need to be changed?
>
> -- Allen
>
> >
> > >>i think there are actually 2 action items here. (1) provide a good SSO
> > >>structure so that a roller admin could easily define what happens when a
> > >>user transfers from another application into roller and (2) provide a
> > >>good way for roller to be remotely administrated, possibly via secure
> > >>web services. by remotely administrated i mean ... register users,
> > >>create weblogs, reset account info, etc. we do this stuff at Sun right
> > >>now, but we've just hacked a backdoor for roller and really this should
> > >>be flushed out into a full feature.
> > >>
> > >>
> > >
> > >ahhh... a nice remote interface would be awesome. so much to do, so little
> > >time.
> > >
> > >
> > >
> > I've been giving some thought to an Admin API that is based roughly on
> > the same fundamental design concepts as the Atom Publishing API. It
> > would be great if we could come up with a mechanism that could be
> > implemented across multiple blogging platforms.
> >
> > - James
> >
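
A sketch of the "global redirector" idea discussed in this thread, as an added example that is not part of the original messages and is not Roller code. The host name, redirector path, key and function names are assumptions made for illustration.

```python
# Added example, not Roller code. Host, path and key below are assumptions.
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

SITE_HOST = "blogs.example.com"      # assumed blog host
REDIRECTOR = "/roller/redirect"      # hypothetical redirector path
KEY = b"constructed-demo-key"        # constructed; use a real secret in practice
HREF = re.compile(r'href="(https?://[^"]+)"')


def _sign(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()


def rewrite_outbound_links(entry_html):
    """Point off-site hrefs at the redirector; same-site links stay as they are."""
    def repl(match):
        url = html.unescape(match.group(1))
        if urlsplit(url).hostname == SITE_HOST:
            return match.group(0)
        return 'href="%s?u=%s&amp;sig=%s"' % (REDIRECTOR, quote(url, safe=""), _sign(url))
    return HREF.sub(repl, entry_html)


def redirect_response(query_string):
    """Return (status, headers, body) for a request to the redirector.

    The signature check stops the endpoint from being an open redirect. The
    body is an interstitial page rather than a 3xx, because browsers generally
    keep the original Referer (the entry URL) when following a 3xx redirect.
    """
    params = parse_qs(query_string)
    url = params.get("u", [""])[0]
    sig = params.get("sig", [""])[0]
    if not url or not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return 400, {}, "bad redirect request"
    safe = html.escape(url, quote=True)
    headers = {"Referrer-Policy": "no-referrer", "Content-Type": "text/html"}
    body = ('<meta http-equiv="refresh" content="0;url=%s">'
            '<a href="%s" rel="noreferrer">continue</a>' % (safe, safe))
    return 200, headers, body
```

With links rewritten this way, the navigation to the external site starts from the redirector page, whose URL carries only the destination and not the entry anchor.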
