[development] Continued Services woes
António P. P. Almeida
appa at perusio.net
Sat Mar 5 12:31:15 UTC 2011
On 4 Mar 2011 22h30 WET, jeff at ayendesigns.com wrote:
> [1 <text/plain; ISO-8859-1 (8bit)>] After hours of searching,
> scouring, absorbing it was determined that there was little hope of
> (currently) getting past Services 2.4 and REST returning a 404
> error, so I switched to xmlrpc.
> I have a simple script to hit my service from outside the site,
> fine-tuned a couple dozen times based on various recommendations, to
> currently be:
> $url = "http://localhost/mydomain/services/xmlrpc";
> $ch = curl_init();
> $data = 'method=my.method&id=12345&text=hello';
> curl_setopt($ch, CURLOPT_POST, 1);
> curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_URL, $url);
> $response = curl_exec($ch);
> with $data as a string like above, I continuously receive: faultCode
> -32700 faultString Parse error. Request not well formed.
Does it really need to be a POST? If not then a mere hook_menu that
takes arguments might fit the bill.
It all depends on exactly what you're trying to do and what level of
security it's required.
It's true that a GET can be considered insecure. But you can secure it
1. Access control based on IP address at the server and/or PHP/Drupal
level. Please have your
2. Encrypt the arguments in the URI and decrypt in the server or page
3. Use authentication, be it Basic or Digest.
4. Run the all shebang over TLS.
a) If you use a self-signed cert no endpoint trust is ensured and
one of the main design features of TLS is defeated. It only
raises a little bit the bar against traffic sniffing.
b) With a proper cert issued by a recognized CA (the most secure
setup, with level of security depending on key length and cypher
This might be a slightly OT rant, but perhaps it points you to a
easier way to achieve your purpose.
Also there are much less verbose ways to do HTTP on PHP than cURL,
More information about the development