[development] Continued Services woes

Dave Metzler metzler.dl at gmail.com
Sun Mar 6 00:27:18 UTC 2011


Generally either get or post can be used, but get restricts the size of the data, since it reallyneeds to fit on a url.  

Post data in a reqest is not much different than get data, that is, in its simplest form, it is just a series of urlencoded key value pairs.



Sent from my iPad

On Mar 5, 2011, at 4:55 AM, jeff at ayendesigns.com wrote:

> Well, 'need to' would be a more subjective answer :) but the requirement is that it be a Services 2.x service (thus, since I've given up on REST for the time, xmlrpc), which means post. I'm not so concerned about the curl in terms of verbosity...I'm only using it to test the service, well, -try- to test the service. At the moment, I'm stuck on the proper way to format the post request in curl when no authentication will be used.
> 
> On 03/05/2011 07:31 AM, António P. P. Almeida wrote:
> 
>> 
>> Does it really need to be a POST? If not then a mere hook_menu that
>> takes arguments might fit the bill.
>> 
>> It all depends on exactly what you're trying to do and what level of
>> security it's required.
>> 
>> It's true that a GET can be considered insecure. But you can secure it
>> using:
>> 
>> 1. Access control based on IP address at the server and/or PHP/Drupal
>>    level. Please have your
>> 
>> 2. Encrypt the arguments in the URI and decrypt in the server or page
>>    callback.
>> 
>> 3. Use authentication, be it Basic or Digest.
>> 
>> 4. Run the all shebang over TLS.
>> 
>>    a) If you use a self-signed cert no endpoint trust is ensured and
>>       one of the main design features of TLS is defeated. It only
>>       raises a little bit the bar against traffic sniffing.
>> 
>>    b) With a proper cert issued by a recognized CA (the most secure
>>       setup, with level of security depending on key length and cypher
>>       suite chosen).
>> 
>> This might be a slightly OT rant, but perhaps it points you to a
>> easier way to achieve your purpose.
>> 
>> Also there are much less verbose ways to do HTTP on PHP than cURL,
>> e.g.:
>> 
>> http://pecl.php.net/package/pecl_http
>> http://stackoverflow.com/questions/2075570/php-pecl-http-vs-curl-extension
>> 
>> HTH,
>> --- appa


More information about the development mailing list