[wp-xmlrpc] Remove authorization for xmlrpc read-only functions?
Diederik van Liere
dvanliere at gmail.com
Wed Aug 4 01:31:17 UTC 2010
Dear fellow wordpress users / devs,
I have been playing a bit with the xmlrpc functionality of wordpress
and I like it a lot! There is just one thing that I don't fully
understand and that is the following:
Why are the xmlrpc read-only functions (such as mt.getPostCategories,
mt.getRecentPostTitles, mt.getRecentPosts, metaWeblog.getPost,
wp.getComment, wp.getTags, wp.getAuthors, etc. etc.) protected by
password / username?
These functions expose the same data as is available on the blog
itself and the functions are read only. So why not liberate this data
and remove the authorization? For example, tumblr does the same, if
you just add '/api/xml/' to a url of a post then you will receive the
xml output of that particular post.
Two benefits come to mind (and I am sure other people can come up with
more benefits):
1) It makes it easier for third-party developers to build tools to
analyze Wordpress blogs / blogposts
2) It's a (very) small step to make Wordpress ready for the semantic web
Curious to hear your opinion about this and whether this should become
a trac ticket.
Best,
Diederik
More information about the wp-xmlrpc
mailing list