Closed (fixed)
Project:
Radioactivity
Version:
5.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
7 Jul 2008 at 16:03 UTC
Updated:
31 Jul 2008 at 04:47 UTC
Suppose that we'd like to report radioactivity events from an external server (see #279456: Plugin: Support for arbitrary (external) targets). Probably the simplest way would be to make radioactivity_add_energy() invokable by HTTP requests, e.g. http://some-server/radioactivity/add_energy?id=object_id&class=object_class&source=some_source
However, we need some extra measures to make this secure, and I'm thinking of the following:
hash=md5($id . $class . $source . $private_key). That should keep the casual malevolent internet entity from tampering our data, in case the IP-based access restriction is impractical to implement
Comments
Comment #1
skiminki commentedComment #2
skiminki commentedFixed as a part of #279456
Comment #3
skiminki commentedNote that signature is calculated a bit differently than what's proposed in the description.
Comment #4
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.