[wp-xmlrpc] Any interest in OAuth?
Allan Odgaard
m123ixd02 at sneakemail.com
Sat Jun 14 16:05:24 GMT 2008
On 14 Jun 2008, at 16:55, Peter Westwood wrote:
> [...]
> This would be good for xmlrpc access to blogs as eventually we could
> turn off access via the username/password combo to make xmlrpc more
> secure
Accessing the blog with a security token instead of a user/password is
in itself not more secure.
> someone who catches your auth tokens for an application cannot
> then use them to access the admin pages for example.
That assumes WordPress will allow different access levels based on the
authentication token. This is outside the scope of the OAuth standard
and WordPress already has such system (users).
More information about the wp-xmlrpc
mailing list