[wp-xmlrpc] Any interest in OAuth?

Allan Odgaard m123ixd02 at sneakemail.com
Sat Jun 14 16:05:24 GMT 2008

On 14 Jun 2008, at 16:55, Peter Westwood wrote:

> [...]
> This would be good for xmlrpc access to blogs as eventually we could
> turn off access via the username/password combo to make xmlrpc more
> secure

Accessing the blog with a security token instead of a user/password is  
in itself not more secure.

> someone who catches your auth tokens for an application cannot
> then use them to access the admin pages for example.

That assumes WordPress will allow different access levels based on the  
authentication token. This is outside the scope of the OAuth standard  
and WordPress already has such system (users).

More information about the wp-xmlrpc mailing list