On Thu, Feb 03, 2005 at 11:42:34AM -0800, [EMAIL PROTECTED] wrote:
> 
> > That's exactly what I'm looking for and I feel a bit dumb because I
> > can't find in the documentation anything like "get_user_access_info" or
> > something else to fetch the authentication info. Either the search
> > function of the acrobat reader is really broken or it's missing.
> 
> Hmm, I don't see it in the API doc.  I pulled the logic from an earlier
> script that I had to do system auditing.
> 
> Here is the XML call that I'm using:
> 
> <?xml version='1.0' encoding='UTF-8' standalone='no' ?>
>       <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
>       <OPS_envelope>
>         <header>
>           <version>0.9</version>
>         </header>
>         <body>
>           <data_block>
>             <dt_assoc>
>               <item key='protocol'>XCP</item>
>               <item key='action'>get_user_access_info</item>
>               <item key='object'>domain</item>
>               <item key='attributes'>
>                 <dt_assoc>
>                   <item key='domain_name'>example.com</item>
>                 </dt_assoc>
>               </item>
>             </dt_assoc>
>           </data_block>
>         </body>
>       </OPS_envelope>

Very interesting. If this command had been available 2 years ago, we
could have saved ourselves a lot of time implementing a mechanism to
cache credentials at our end.

Still, this command doesn't work on horizon:

'response_text' => 'Invalid command: get_user_access_info domain',
'is_success' => 0,
'response_code' => 400

...which makes it hard to test.

If this is a supported command, I'd like to ask that OpenSRS:

a) document it
b) make it available on horizon

At the very least, could someone from OpenSRS please comment on the
status of this command?

> > I don't think it makes sense from a security standpoint anyway. If I can
> > fetch the authentication information and then start a query with that I
> > should be able to do so without that information beforehand. Querying
> > address data should be possible without setting an authentication
> > cookie, private key and IP address should be enough.
> 
> I believe all the contact information method calls were tied to the
> management interface which required the profile username/password to do
> anything.  This is why they added an enhancement request to add the
> contact e-mail addresses to the get expiring domains method.

Well, that's a decent way to rationalize it, but I'm with Arthur; the
API should provide a non-cookie method to retrieve/manage domain
information if the API is going to provide the credentials it requires.

-- 
 // 2   _____________________________________________________________ 
//     /                                                             \
\\/ /  | Movie "fact": You can always find a chainsaw when you need  |
 \\/   | one.                                                        |
       \_________________________________  __________________________/
        Ewan Edwards {e^2}, [EMAIL PROTECTED] |/
