[Cubicweb] Pyro and ZMQ deprecated?
florent.cayre at logilab.fr
Thu Mar 13 16:39:58 CET 2014
some comments below.
Be aware that as expected, we just released signedrequest +
rqlcontroller (for now in http://download.logilab.org/acceptance/).
Your feedback is very welcome if you find any time to test them.
Le 13/03/2014 11:24, Jinpeng Li a écrit :
> I don't know how cubicweb.dbapi is going be in the future; now
> apparently cubicweb chooses api key authorization according to the
> development of signedrequest/rqlcontroller.
> In fact, I would like to mention that both api key authorization
> and username/password authorization exist in the webservice industry.
> API keys originated with the first public web services, like Yahoo and
> Google APIs.
> Twitter simplifies things for their users by using usernames and
> passwords for API authentication.
> In my opinion, the most difficult point is how to securely store login
> and password in client problem using python, or each time human user
> type login and password for the program.
The login/ password way is natively supported by cubicweb (pass
__login=XXX and __password=YYY in the url or as url-encoded post
arguments will automatically log you before processing the request further).
> In addition, considering the
> compatibility, signedrequest/rqlcontroller could provide
> two authorization ways; they are not conflict.
signedrequest also signs the request, which aims at being immune to a
man in the middle. The password approach requires https.
> It would be better to leave cubicweb team to answer the future
> development problem.
> On Thu, Mar 13, 2014 at 10:20 AM, Yann Cointepas <yann at cointepas.net
> <mailto:yann at cointepas.net>> wrote:
> I probably made things confusing by talking about a link between
> password and signedrequest/rqlcontroller. Let's get back to a
> simple user question.
> When cubicweb.dbapi is obsolete, how CubicWeb will make it
> possible for a user to use its own collection of Python scripts
> using RQL to access a CubicWeb instance (not a single application,
> possibly used on several devices located on several sites) ? Today
> using cubicweb.dbapi with login/password is very simple and
> flexible. How it is going to be in the future ?
> Cubicweb mailing list
> Cubicweb at lists.cubicweb.org
LOGILAB S.A. 104, bd Auguste Blanqui 75013 PARIS
tél +33 (0)1.45.32.03.12
tél +33 (0)22.214.171.124.26
Formations Python, Debian, XP http://www.logilab.fr/formations
Développement logiciel sur mesure http://www.logilab.fr/services
Python et calcul scientifique http://www.logilab.fr/science
Gestion des connaissances http://www.logilab.fr/gestion-connaissances
CubicWeb, semantic web framework http://www.cubicweb.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Cubicweb