On Thu, 2005-10-06 at 10:42, James M Snell wrote:
> Our blog entry URL's also contain our email addresses. for instance,
> the URL of my latest blog entry is:
>
> http://.../weblogs/page/[EMAIL PROTECTED]/20051003#my_hell_will_be_blogged
>

I was thinking about this a bit today and it seems like it would be a good thing to let people login with their email addresses without actually forcing the username = email. This is pretty common these days and I think it makes a lot of sense.

-- Allen

> I may not want folks at Microsoft or wherever knowing that I
> specifically am linking to them.
>
> Allen Gilliland wrote:
>
> >On Wed, 2005-10-05 at 20:15, James M Snell wrote:
> >
> >>Elias Torres wrote:
> >>
> >>>>i'm not sure i fully understand this one. can you explain it more.
> >>>>
> >>>Right now when people visit my external blog from IBM's internal
> >>>server, I can see in my apache logs the entry anchor from the
> >>>referrer. This can leak information such as
> >>>"we_re_buying_chococalate_company_x". Do you know what I mean?
> >>>
> >>If I can weigh in on this, this is absolutely a major issue for us.
> >>Ideally the URL's would be opaque in the first place, but using a global
> >>redirector is a very good solution.
> >>
> >
> >I see what you guys are talking about, but for some reason I don't see this
> >as being such a big deal. I suppose it's not too nice if someone posts an
> >entry called "i hate microsoft" along with links to microsoft sites, in that
> >case the referers in the logs on the microsoft site would be something like
> >"myserver.com/roller/page/foo?entry=i_hate_microsoft".
> >
> >the only thing i see potentially worth concealing in that url is the actual
> >anchor, and you could conceal that by using the entryid rather than anchor,
> >which is something i think we should make possible anyways.
> >
> >what else would need to be changed?
> >
> >-- Allen
> >
> >>>>i think there are actually 2 action items here. (1) provide a good SSO
> >>>>structure so that a roller admin could easily define what happens when a
> >>>>user transfers from another application into roller and (2) provide a
> >>>>good way for roller to be remotely administrated, possibly via secure
> >>>>web services. by remotely administrated i mean ... register users,
> >>>>create weblogs, reset account info, etc. we do this stuff at Sun right
> >>>>now, but we've just hacked a backdoor for roller and really this should
> >>>>be flushed out into a full feature.
> >>>>
> >>>ahhh... a nice remote interface would be awesome. so much to do, so little
> >>>time.
> >>>
> >>I've been giving some thought to an Admin API that is based roughly on
> >>the same fundamental design concepts as the Atom Publishing API. It
> >>would be great if we could come up with a mechanism that could be
> >>implemented across multiple blogging platforms.
> >>
> >>- James
> >>
> >
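
A global redirector like the one mentioned in the thread takes its destination from the link itself, so it needs a way to refuse destinations the blog never published. The following is an added example, not Roller code and not from any participant in this thread: it rewrites off-site links in entry HTML to point at a redirector and verifies them on arrival, using a hypothetical `/roller/redirect` endpoint, a constructed secret, and the `myserver.com` host from the example URL above. How the redirector then serves its response is outside the example.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, unquote, urlsplit

SECRET = b"constructed-demo-key"    # assumption: per-site secret, constructed here
SITE_HOST = "myserver.com"          # host from the thread's example URL
REDIRECT_PATH = "/roller/redirect"  # hypothetical redirector endpoint

HREF = re.compile(r'href="(https?://[^"]+)"')


def _sign(target: str) -> str:
    """HMAC-SHA256 over the destination, hex-encoded."""
    return hmac.new(SECRET, target.encode(), hashlib.sha256).hexdigest()


def rewrite_links(entry_html: str) -> str:
    """Send off-site links through the redirector; keep same-site links.

    The rewritten link carries only the destination and its signature,
    never the entry anchor or the author's email address.
    """
    def repl(match):
        target = match.group(1)
        if urlsplit(target).hostname == SITE_HOST:
            return match.group(0)
        return 'href="%s?to=%s&amp;sig=%s"' % (
            REDIRECT_PATH, quote(target, safe=""), _sign(target))
    return HREF.sub(repl, entry_html)


def resolve(query_to: str, sig: str):
    """Redirector side: return the destination if the signature matches.

    Returns None for a tampered or unsigned destination, so the endpoint
    cannot be used as an open redirect.
    """
    target = unquote(query_to)
    if hmac.compare_digest(_sign(target).encode(), sig.encode()):
        return target
    return None
```
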
