[development] Continued Services woes

António P. P. Almeida appa at perusio.net
Sat Mar 5 12:31:15 UTC 2011

On 4 Mar 2011 22h30 WET, jeff at ayendesigns.com wrote:

> [1 <text/plain; ISO-8859-1 (8bit)>] After hours of searching,
> scouring, absorbing it was determined that there was little hope of
> (currently) getting past Services 2.4 and REST returning a 404
> error, so I switched to xmlrpc.
> I have a simple script to hit my service from outside the site,
> fine-tuned a couple dozen times based on various recommendations, to
> currently be:
> $url = "http://localhost/mydomain/services/xmlrpc";
> $ch = curl_init();
> $data = 'method=my.method&id=12345&text=hello';
> curl_setopt($ch, CURLOPT_POST, 1);
> curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_URL, $url);
> $response = curl_exec($ch);
> with $data as a string like above, I continuously receive: faultCode
> -32700 faultString Parse error. Request not well formed.

Does it really need to be a POST? If not then a mere hook_menu that
takes arguments might fit the bill. 

It all depends on exactly what you're trying to do and what level of
security it's required. 

It's true that a GET can be considered insecure. But you can secure it

1. Access control based on IP address at the server and/or PHP/Drupal
   level. Please have your 

2. Encrypt the arguments in the URI and decrypt in the server or page

3. Use authentication, be it Basic or Digest.

4. Run the all shebang over TLS.
   a) If you use a self-signed cert no endpoint trust is ensured and
      one of the main design features of TLS is defeated. It only
      raises a little bit the bar against traffic sniffing.

   b) With a proper cert issued by a recognized CA (the most secure
      setup, with level of security depending on key length and cypher
      suite chosen).

This might be a slightly OT rant, but perhaps it points you to a
easier way to achieve your purpose.

Also there are much less verbose ways to do HTTP on PHP than cURL,


--- appa

More information about the development mailing list