[wp-hackers] PhoneBlogz - blogging by phone, testers needed!
Owen Winkler
ringmaster at midnightcircus.com
Fri Jan 6 22:24:46 GMT 2006
Matthew Butt wrote:
> Thanks for the input. What I was hoping to do is use the
> already-present methods of posting, ie XMLRPC (why reinvent the
> wheel?). This makes it easy for many reasons, but from a security point
> of view there are obvious issues.
>
> I’ll probably end up providing modules for various pieces of software
> (Wordpress, Drupal etc) but allow users to also use direct posting if
> they’re OK with the security issues. Hopefully that’ll keep the
> majority of people happy.
Your situation is not uncommon. I already use audioblogger.com to do
exactly what your service does. It uses XMLRPC to post to blogs, too.
Flickr doesn't use the method previously described when it posts to
WordPress sites - it, too, uses XMLRPC.
In fact, implmenting XMLRPC posting is a best bet, since WordPress'
support for XMLRPC is mostly mimicking what other blog tools already do
with the Metaweblog API and similar protocols. It's not a bad bet that
you'd be able to most to MT using XMLRPC set up almost exactly like it
is for WordPress (with the minor exception of the blog id).
For users who are concerned over security, you can easily create a new
user on your site with its own password and grant it only draft-writing
permissions or authoring permissions. This can be done in either WP
1.5.2 or 2.0.
The login will be ineffective for doing anything but writing new posts.
Anyone who blogs enough to want to call their blog is probably going
to notice if a service does the one bad thing that it could do with that
level of permissions and starts posting willy-nilly.
Owen
More information about the wp-hackers
mailing list