29 Mar
2006
29 Mar
'06
2:25 a.m.
On 3/29/06, Robin Fernandes <rewbs.soal(a)gmail.com> wrote:
Hi,
I'd like to allow users to access the a web services from XWiki
documents via a plugin. However, the web service requires
user-specific passwords. What is the best approach to deal with this?
One option is to add "Password Class" fields to the XWikiUsers class,
and adapt the user template to allow users to set their password when
they edit their page. The field's value is not displayed on the page,
but the passwords are stored in the XWiki database in plain text, and
the user's page is found if a wide search is ran on a substring of the
password.
Could also add methods to the plugin that store passwords in the
database after encrypting them with some private key; they'd then get
decrypted within the plugin code before being sent to the web service.
This isn't bad, but maybe you guys have better ideas! :)
If i have to do it, maybe I will do the first choice. The password can
be searched, but cannot be viewed. it's like if someone try to login
to the web service. If you have strong password it's not a big deal.
But if you don't like this method, you can send the password to the
plugin, encrypt it, and save it on the XWikiUsers class.
Jérémi
--
Blog: http://www.jeremi.info
LinkedIn: https://www.linkedin.com/profile?viewProfile=&key=1437724
Project Manager XWiki: http://www.xwiki.org
skype: jeremi23 -- msn et gtalk : jeremi23(a)gmail.com