Brad Fitzpatrick (bradfitz) wrote in lj_dev,
Brad Fitzpatrick

protocol endpoint(s) and post-only passwords

My Nokia 6670 died and I'm now reconfiguring my replacement 6630, laboriously entering all my internet and LifeBlog settings.

Two things come to mind:

1) Why do I have to enter ... why not just "" and a) trust the phone adds http, I think it does, b) auto-detect the AtomAPI post, and reroute it to the right handler in mod_perl, and c) make sure our canonicalizer doesn't redirect the AtomAPI post to, because that's just unnecessary for a non-browser.

2) we should have an option to have "post-only" passwords, similar to the post-only PINs we have for phone/email posting. hell, maybe use the same one. But I should be able to tell LifeBlog a "lesser" password that can only do the protocol "postevent" and AtomAPI/Blogger equivalents. This also means when you give a password to Flickr/etc, all they can do is post as you, not login, not delete, not change your password, etc.

I'll be at OSCON all week, but I'll happily accept patches. :-)

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded