schooltool-developers team mailing list archive

[Douglas Cerna <douglascerna@xxxxxxxxx>]

Justas:

Jeffrey is developing an application called pyquiz to create tests for his students using pyramid. Now, he has this requirement (sorry for flooding):

Jeff Elkner: 1. user points browser at pyquiz
Jeff Elkner: 2. clicks "login"
Jeff Elkner: 3. types user name and password
Jeff Elkner: 4. pyquiz asks ST, is this a valid user?
Jeff Elkner: 5. ST says yes or no
Jeff Elkner: if yes, user is logged in
Jeff Elkner: if no, login fails
Jeff Elkner: i don't want to create users in two places
Jeff Elkner: and have to make sure they are in sync somehow
Jeff Elkner: when a new student is added to ST
Jeff Elkner: and put in a section
Jeff Elkner: they can log in to pyquiz
Jeff Elkner: with no configuration on the pyquiz side

I think an easy solution is to create a small XMLRPC method publisher that gets the person and calls checkPassword on it, returning True or False. Then we could create an url for this method like http://server_name/xmlrpc for pyquiz to send its login requests. If pyquiz gets True on the response, then it creates (or looks up) a space in its database for the username.

I know a very well designed mechanism should include encryption/decryption for the requests, but these services are going to run on the same server and I'm assuming that's secure enough.

Please let me know what you think about this approach.

Thanks.
Douglas

"... allí­ es cuando te das cuenta que las cosas malas pueden resultar bastante buenas..." - Lionel Messi

Por favor, evite enviarme adjuntos de Word, Excel o PowerPoint.
Vea http://www.gnu.org/philosophy/no-word-attachments.es.html