[wp-xmlrpc] Posting comments through XMLRPC
Vladimir Yushko
yahoo2 at yarrowsoft.com
Thu Jul 24 07:52:34 GMT 2008
Hi!
I have solution. This is comment server plugin which is server part of
comment client. Download here:
http://commentclient.com/download/commentserver.zip
Comment server have many features such as spam protected protocol which
allows send comments from another blogs and include intgration with forms.
Documentation not available, sorry.
--
Best regards, Vladimir Yushko
http://commentclient.com/
----- Original Message -----
From: "Joseph Scott" <joseph at randomnetworks.com>
To: <wp-xmlrpc at lists.automattic.com>
Sent: Thursday, July 24, 2008 7:38 AM
Subject: Re: [wp-xmlrpc] Posting comments through XMLRPC
>
> On Jul 21, 2008, at 2:20 AM, Alex Forrow wrote:
>
> > We have written a plugin which integrates into our software to allow
> > WordPress to receive comments through XMLRPC. The interface we have
> > created
> > is standard but to avoid spam, unless the user can authenticate,
> > the plugin
> > will only accept comments received for our site. Assuming we could
> > find a
> > more general method for avoiding spam, we would like to propose
> > that this
> > plugin is made generic and integrated into the WordPress codebase.
> >
> > If a user can authenticate to WordPress (either in the database of the
> > WordPress installation, or against WordPress.com account for hosted
> > blogs),
> > this can be used to prove the users identity. Can't see any
> > problems here.
>
> Comments that come with a valid username and password we could
> consider trusted.
>
>
> > The more tricky situation is where anonymous comments need to be
> > posted. I
> > see no reason why not to mandate the sending of name and email with
> > the
> > comment and follow standard comment filtering rules, but ideally we
> > would
> > have another level of security. One suggestion is to provide a
> > trackback
> > service, so a trackback url is posted with the comment, which
> > WordPress can
> > connect back on using some kind of unique identifier, and verify
> > the service
> > did actually send the comment.
>
> I suppose technically there's no difference between submitting a form
> and providing an API, but it would be nice not to provide one more
> way for spammers to submit junk.
>
>
> > Another, slightly more complicated idea could be based around the
> > principles
> > of DomainKeys, a technology for email-spam avoidance
> > (http://en.wikipedia.org/wiki/DomainKeys). The comment sender could
> > sign the
> > comment using a public/private key pair, the public key being
> > posted in a
> > DNS TXT record of the domain of the sender. This enables the receiving
> > XMLRPC to verify that the comment is actually from the domain the
> > sender
> > says they are in. Unfortunately this doesn't actually solve the spam
> > problem, it only allows receivers to verify the sender of the
> > comment. This,
> > however, could be the basis of a another solution which requires
> > sender
> > verification (e.g. A managed blacklist/whitelist).
> >
> > The plugin in its current form is available at
> > http://croc.favsys.net/alex/wp_favorit.zip if anyone would like to
> > take a
> > look.
>
> I don't think it's worth having two separate methods for this, may as
> well just have one. Then if the username and password aren't
> provided we treat it as an unauthenticated comment.
>
> --
> Joseph Scott
> joseph at randomnetworks.com
> http://joseph.randomnetworks.com/
>
>
>
>
> _______________________________________________
> wp-xmlrpc mailing list
> wp-xmlrpc at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-xmlrpc
More information about the wp-xmlrpc
mailing list