[development] Continued Services woes

jeff at ayendesigns.com jeff at ayendesigns.com
Sat Mar 5 12:55:01 UTC 2011

Well, 'need to' would be a more subjective answer :) but the requirement 
is that it be a Services 2.x service (thus, since I've given up on REST 
for the time, xmlrpc), which means post. I'm not so concerned about the 
curl in terms of verbosity...I'm only using it to test the service, 
well, -try- to test the service. At the moment, I'm stuck on the proper 
way to format the post request in curl when no authentication will be used.

On 03/05/2011 07:31 AM, António P. P. Almeida wrote:

> Does it really need to be a POST? If not then a mere hook_menu that
> takes arguments might fit the bill.
> It all depends on exactly what you're trying to do and what level of
> security it's required.
> It's true that a GET can be considered insecure. But you can secure it
> using:
> 1. Access control based on IP address at the server and/or PHP/Drupal
>     level. Please have your
> 2. Encrypt the arguments in the URI and decrypt in the server or page
>     callback.
> 3. Use authentication, be it Basic or Digest.
> 4. Run the all shebang over TLS.
>     a) If you use a self-signed cert no endpoint trust is ensured and
>        one of the main design features of TLS is defeated. It only
>        raises a little bit the bar against traffic sniffing.
>     b) With a proper cert issued by a recognized CA (the most secure
>        setup, with level of security depending on key length and cypher
>        suite chosen).
> This might be a slightly OT rant, but perhaps it points you to a
> easier way to achieve your purpose.
> Also there are much less verbose ways to do HTTP on PHP than cURL,
> e.g.:
> http://pecl.php.net/package/pecl_http
> http://stackoverflow.com/questions/2075570/php-pecl-http-vs-curl-extension
> HTH,
> --- appa

More information about the development mailing list