MetaWeblog

From IndieWeb


The MetaWeblog API is an outdated XML-RPC based API (superseded by Micropub) for CRUD operations between blog client and server software. It depends on a username and password being entered into clients (instead of OAuth) and sent over HTTP (often not HTTPS), which creates a security vulnerability for users.

Criticism

Security

The MetaWeblog API sends your username and password in plaintext in the body of the XML-RPC request. Anyone listening to the communication between your client and server is able to get your password. Ideally, one would not be using MetaWeblog to post entries over public wifi (say, on a smartphone).
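The request body described above can be audited on the defender's side, for example over proxy or server logs. The following is an added example, not code from the IndieWeb wiki or any MetaWeblog implementation; the parameter order (id, username, password, ...) follows the MetaWeblog spec, while `audit_request`, `build_sample_body`, the host `blog.example` and the credentials are constructed for illustration.

```python
import xmlrpc.client
from urllib.parse import urlsplit

# MetaWeblog calls carry the credentials at fixed positions in <params>:
# (blogid or postid, username, password, ...).
USER_IDX, PASS_IDX = 1, 2


def audit_request(url, body):
    """Report how a captured XML-RPC request exposes credentials.

    Returns None for non-MetaWeblog calls, otherwise a finding dict.
    The password itself is never returned, only its length.
    """
    params, method = xmlrpc.client.loads(body)
    if not method or not method.startswith("metaWeblog."):
        return None
    if len(params) <= PASS_IDX:
        return None
    password = params[PASS_IDX]
    return {
        "method": method,
        "username": params[USER_IDX],
        "password_in_body": isinstance(password, str) and password != "",
        "password_length": len(str(password)),
        # Without TLS the whole body, password included, is readable on the wire.
        "cleartext_transport": urlsplit(url).scheme.lower() != "https",
    }


def build_sample_body():
    # Constructed sample: what a blog client POSTs for metaWeblog.newPost.
    post = {"title": "Hello", "description": "First post"}
    return xmlrpc.client.dumps(
        ("1", "alice", "correct horse", post, True),
        methodname="metaWeblog.newPost",
    )


if __name__ == "__main__":
    body = build_sample_body()
    print(body)  # the password appears as a plain <string> element
    print(audit_request("http://blog.example/xmlrpc.php", body))
    print(audit_request("https://blog.example/xmlrpc.php", body))
```

Even when `cleartext_transport` is false, the password is still handed to the client and sent with every call, which is the dependency on client-entered credentials noted at the top of the page.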

Authentication at the application level is a layer violation. The Atom Publishing Protocol does not have plaintext username/password transmission but delegates authentication to HTTP.
