|
cosign-discuss at umich.edu
|
general discussion of cosign development and deployment
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cosign friend xml-rpc server available for testing
It's up and running and patched! (See
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html
for the vulnerability. Yes, we made the update.) Many thanks to those who took
the time to provide input so we could get to this point.
For testing, you'll need to redirect users to cosign-test.www.umich.edu (rather
than weblogin.umich.edu). That is, weblogin.umich.edu is not aware of the test
friend database and will not be able to log users in who create accounts using
cosign-test.
Please note that the web interface is not finalized:
https://cosign-test.www.umich.edu/friend/
The mass invite is at:
https://cosign-test.www.umich.edu/friend/invite/
I will also be making an ITCS Tech Forum presentation on July 20th at Arbor
Lakes in the afternoon. I'll provide details for the exact time as soon as I
get them.
Writing a web-app to access the XML-RPC is slightly more complicated. I'll
provide the details of the XML-RPC interface shortly (either another e-mail or
a web page). We'd like to get as many people to pound away at the friend
server before an official rollout! Please provide any feedback and ask any
questions!
--Jarod Malestein
|