Our blog entry URLs also contain our email addresses. For instance, the URL of my latest blog entry is:

http://.../weblogs/page/[EMAIL PROTECTED]/20051003#my_hell_will_be_blogged

I may not want folks at Microsoft or wherever knowing that I specifically am linking to them.

Allen Gilliland wrote:

On Wed, 2005-10-05 at 20:15, James M Snell wrote:
Elias Torres wrote:

i'm not sure i fully understand this one.  can you explain it more.
Right now when people visit my external blog from IBM's internal
server, I can see in my apache logs the entry anchor from the
referrer. This can leak information such as
"we_re_buying_chococalate_company_x". Do you know what I mean?



If I can weigh in on this, this is absolutely a major issue for us. Ideally the URLs would be opaque in the first place, but using a global redirector is a very good solution.

I see what you guys are talking about, but for some reason I don't see this as being such a big 
deal.  I suppose it's not too nice if someone posts an entry called "i hate microsoft" 
along with links to microsoft sites, in that case the referers in the logs on the microsoft site 
would be something like "myserver.com/roller/page/foo?entry=i_hate_microsoft".

the only thing i see potentially worth concealing in that url is the actual 
anchor, and you could conceal that by using the entryid rather than anchor, 
which is something i think we should make possible anyways.

what else would need to be changed?

-- Allen

i think there are actually 2 action items here.  (1) provide a good SSO
structure so that a roller admin could easily define what happens when a
user transfers from another application into roller and (2) provide a
good way for roller to be remotely administrated, possibly via secure
web services.  by remotely administrated i mean ... register users,
create weblogs, reset account info, etc.  we do this stuff at Sun right
now, but we've just hacked a backdoor for roller and really this should
be flushed out into a full feature.
ahhh... a nice remote interface would be awesome. so much to do, so little time.



I've been giving some thought to an Admin API that is based roughly on the same fundamental design concepts as the Atom Publishing API. It would be great if we could come up with a mechanism that could be implemented across multiple blogging platforms.

- James
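
The global redirector suggested in this thread, sketched as an added example (not part of the original messages and not Roller code). The endpoint URL, host names, signing key and function names are constructed assumptions; links are signed so the endpoint only forwards to targets the site itself emitted.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import quote, urlsplit

# Constructed values for illustration; none come from Roller or this thread.
REDIRECTOR = "https://blogs.example.com/out"   # hypothetical redirector endpoint
INTERNAL_HOSTS = {"blogs.example.com"}         # hosts allowed to see entry URLs
SECRET = b"constructed-demo-key"               # signing key known only to the site

HREF = re.compile(r'href="([^"]*)"')


def sign(target: str) -> str:
    """HMAC the target so the endpoint only forwards links the site emitted."""
    return hmac.new(SECRET, target.encode(), hashlib.sha256).hexdigest()


def wrap(target: str) -> str:
    """Route an external http(s) link through the redirector; leave others alone."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or parts.hostname in INTERNAL_HOSTS:
        return target
    return f"{REDIRECTOR}?to={quote(target, safe='')}&sig={sign(target)}"


def rewrite_entry(entry_html: str) -> str:
    """Rewrite every double-quoted href in rendered entry HTML."""
    def repl(m):
        return 'href="%s"' % html.escape(wrap(html.unescape(m.group(1))), quote=True)
    return HREF.sub(repl, entry_html)


def interstitial(to: str, sig: str):
    """Redirector side: return the hop page, or None if the signature is invalid.

    A plain 3xx would not help, because browsers keep the original Referer
    across HTTP redirects; the hop page suppresses it and then navigates.
    """
    if not hmac.compare_digest(sign(to).encode(), sig.encode()):
        return None
    safe = html.escape(to, quote=True)
    return ('<meta name="referrer" content="no-referrer">'
            f'<meta http-equiv="refresh" content="0;url={safe}">')
```

With this in place the external site sees no entry anchor or author address in its logs, and an unsigned or tampered `to` value is refused rather than forwarded.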


