[Demexp-dev] login method and cookie
Hello, Is it normal that when using these servers: http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test or http://www.linux-france.org/cgi-bin/demexp-xmlrpc-demo do not need to 'login' to be able to access to all methods on the server? (and the 'goodbye' method doesn't seem to do anything either) ->This means that using a 'cookie' is not necessary... And the http://tuxinette.linux-france.org:5 seems to be down... or? Thanks. Lyu. ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hello Lyu, Lyu Abe <[EMAIL PROTECTED]> writes: > Is it normal that when using these servers: > http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test > or > http://www.linux-france.org/cgi-bin/demexp-xmlrpc-demo > > do not need to 'login' to be able to access to all methods on the > server? (and the 'goodbye' method doesn't seem to do anything either) > ->This means that using a 'cookie' is not necessary... I'm not sure I understand your question. For all methods of the proxy, you can call them with a dummy cookie or a wrong login. However the server should report an error when the login or the operation fails. On the server, you can call all methods but their execution should fail with an error code when your an not authenticated. Which code are you using? > And the > http://tuxinette.linux-france.org:5 > seems to be down... or? Server restarted. Yours, d. -- GPG/PGP key: A3AD7A2A David MENTRE <[EMAIL PROTECTED]> 5996 CC46 4612 9CA4 3562 D7AC 6C67 9E96 A3AD 7A2A ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hi David,
Is it normal that when using these servers:
http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
or
http://www.linux-france.org/cgi-bin/demexp-xmlrpc-demo
do not need to 'login' to be able to access to all methods on the
server? (and the 'goodbye' method doesn't seem to do anything either)
->This means that using a 'cookie' is not necessary...
I'm not sure I understand your question. For all methods of the proxy,
you can call them with a dummy cookie or a wrong login. However the
server should report an error when the login or the operation fails.
Actually no: I am using a C code (xmlrpc-c) to call the methods on the
http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
server with the "root" login.
I commented the 'login' method calls but could still obtain responses
from other methods ('max_question_id' and 'max_tag_id'). I don't know if
this is a normal behaviour.
On the server, you can call all methods but their execution should fail
with an error code when your an not authenticated.
Which code are you using?
It's a very simple C code (just call and proceed the result). I just
skipped the 'login' step, and could still access other methods...
Regards, Lyu
And the
http://tuxinette.linux-france.org:5
seems to be down... or?
Server restarted.
Yours,
d.
___
Demexp-dev mailing list
Demexp-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hi Lyu,
On Sun, Oct 12, 2008 at 22:09, Lyu Abe <[EMAIL PROTECTED]> wrote:
> Actually no: I am using a C code (xmlrpc-c) to call the methods on the
> http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
> server with the "root" login.
>
> I commented the 'login' method calls but could still obtain responses from
> other methods ('max_question_id' and 'max_tag_id'). I don't know if this is
> a normal behaviour.
Certain methods are restricted to certain role. E.g. method
set_question_status is restricted to classifier.
You need to look at the code to know the restriction about each method.
http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw
For example:
347 let set_question_status (cookie, q_id, new_status) =
348 do_if_classifier cookie
This method is executed only if the caller has "classifier" rights.
> It's a very simple C code (just call and proceed the result). I just skipped
> the 'login' step, and could still access other methods...
Do you check return codes of the other method calls (after the login)?
It is normal to be able to call them. But they should return an error
if you don't have enough access rights.
Yours,
d.
___
Demexp-dev mailing list
Demexp-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
David,
ok, so if I understand right, all the methods I mentioned in my email
(max_question_id and max_tag_id) should work and return correct values
even if I'm not logged in. Other functions with 'privilege' will return
an error code.
In that case I get it. And yes, the code returns error codes is any (for
example 'rt_bad_login' if I enter the wrong login/pwd).
See you, Lyu.
David MENTRE a écrit :
Hi Lyu,
On Sun, Oct 12, 2008 at 22:09, Lyu Abe <[EMAIL PROTECTED]> wrote:
Actually no: I am using a C code (xmlrpc-c) to call the methods on the
http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
server with the "root" login.
I commented the 'login' method calls but could still obtain responses from
other methods ('max_question_id' and 'max_tag_id'). I don't know if this is
a normal behaviour.
Certain methods are restricted to certain role. E.g. method
set_question_status is restricted to classifier.
You need to look at the code to know the restriction about each method.
http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw
For example:
347 let set_question_status (cookie, q_id, new_status) =
348 do_if_classifier cookie
This method is executed only if the caller has "classifier" rights.
It's a very simple C code (just call and proceed the result). I just skipped
the 'login' step, and could still access other methods...
Do you check return codes of the other method calls (after the login)?
It is normal to be able to call them. But they should return an error
if you don't have enough access rights.
Yours,
d.
___
Demexp-dev mailing list
Demexp-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hello Lyu, On Sun, Oct 12, 2008 at 23:06, Lyu Abe <[EMAIL PROTECTED]> wrote: > ok, so if I understand right, all the methods I mentioned in my email > (max_question_id and max_tag_id) should work and return correct values even > if I'm not logged in. Other functions with 'privilege' will return an error > code. Yes. Yours, d. ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
