With regards to security, if the xmlrpc only responds to requests from localhost, I agree that that should be fine. However, if it's just plain built-in to SchoolTool, wouldn't the xmlrpc URL be available externally as well? If so, that's a bit less secure.
Filip Sufitchi On May 26, 2011 12:01 PM, "Douglas Cerna" <[email protected]> wrote: > Justas: > > Jeffrey is developing an application called pyquiz to create tests for his students using pyramid. Now, he has this requirement (sorry for flooding): > > Jeff Elkner: 1. user points browser at pyquiz > Jeff Elkner: 2. clicks "login" > Jeff Elkner: 3. types user name and password > Jeff Elkner: 4. pyquiz asks ST, is this a valid user? > Jeff Elkner: 5. ST says yes or no > Jeff Elkner: if yes, user is logged in > Jeff Elkner: if no, login fails > Jeff Elkner: i don't want to create users in two places > Jeff Elkner: and have to make sure they are in sync somehow > Jeff Elkner: when a new student is added to ST > Jeff Elkner: and put in a section > Jeff Elkner: they can log in to pyquiz > Jeff Elkner: with no configuration on the pyquiz side > > I think an easy solution is to create a small XMLRPC method publisher that gets the person and calls checkPassword on it, returning True or False. Then we could create an url for this method like http://server_name/xmlrpc for pyquiz to send its login requests. If pyquiz gets True on the response, then it creates (or looks up) a space in its database for the username. > > I know a very well designed mechanism should include encryption/decryption for the requests, but these services are going to run on the same server and I'm assuming that's secure enough. > > Please let me know what you think about this approach. > > Thanks. > Douglas > > "... allí es cuando te das cuenta que las cosas malas pueden resultar bastante buenas..." - Lionel Messi > > Por favor, evite enviarme adjuntos de Word, Excel o PowerPoint. > Vea http://www.gnu.org/philosophy/no-word-attachments.es.html > > _______________________________________________ > Mailing list: https://launchpad.net/~schooltool-developers > Post to : [email protected] > Unsubscribe : https://launchpad.net/~schooltool-developers > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~schooltool-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~schooltool-developers More help : https://help.launchpad.net/ListHelp
