||[Oct. 3rd, 2008|04:15 pm]
I hope this isn't terribly off-topic, it's certainly development work, relating to LJ, and involves the use of a client of sorts, so I feel it's mostly in-keeping with the spirit of the thing..
I have a site that runs alongside an LJ community, and does.. well.. various things. One such thing is that (in theory) the site maintains a list of mappings from LJ username to "real name", which then goes into the community style itself as an associative array and overrides the usernames in comments and entries and displays the users' actual names.
Now in order to get that to work nicely, along with all the other site features, I need to have some means of authenticating users so as not to allow people to update each other's names, which of course would lead to all kinds of fun and games. I've come up with what I think is a decent way of doing that, but I'd really appreciate feedback on a) whether there's a better way and b) whether or not I'm leaving myself open to massive security holes. Because the site itself effectively works as a client, interacting with LJ itself, this would seem to be an appropriate place to ask.
( I fear I may ramble..Collapse )