[wp-xmlrpc] Remove authorization for xmlrpc read-only functions?

Diederik van Liere dvanliere at gmail.com
Thu Aug 5 12:31:08 UTC 2010


Hi Daniel,
Thanks for your reply. I see your point that not all posts on a blog
are open to the public but this could potentially be alleviated by
making it configurable: default setting could be to make xmlrpc
readonly requests without authorization but if you don't want this
then, using the admin, configure wp that it should ask authorization
for readonly xmlrpc requests.

I am definitely interested in a programmatically parseable way to
access wp content but it seems that it really depends on the
individual blog what is exposed and usually it's only the most recent
comments so I am looking for a way that exposes more data in a more
structured way.

Best,

Diederik

> Hi Diederik - what comes to mind for me is that it's a coincidence that most of the information in a typical blog configuration is publicly visible.  There are several scenarios in which the content of a blog may be protected:
>
> - The posts are password protected.
> - The posts are drafts.
> - The entire blog is only visible to registered users.
> - The posts contain metadata that is not exposed publicly by a given theme.
>
> I can see your reasoning for having the information be accessible when it just so happens that there isn't any private information among the results, but trying to determine with accuracy whether it was safe to expose a particular set of posts or not would be difficult. The XMLRPC API is just too blunt and its content may include a mish-mash of public and private content.
>
> If you want to get at the content of public posts in a programmatically parseable way, the existing RSS and Atom syndication interfaces are probably a good choice.
>
> Daniel

