AtomAPI - Revenge of the Myth


Every now and then I start working on different types of software. I guess I fall into an odd cycle where I get really depressed and don’t want to do much, and then I get in this really creative and intense cycle where I just can’t stop coding and multitasking.

Anyhow, I went back to working with the Atom API again and found that the Blogger.com folks have changed it again! All of my old code would no longer work. After messing around for a few hours, I found that I can retrieve my posts by using Basic Authentication for my credentials rather than WSSE (Web Services Security).

From what I gather, they recently went to supporting SSL (Secure Sockets Layer) with WSSE. To be backwards compatible, they downgraded the non-SSL connections to Basic Authentication. Ack! Basic authentication is not secure at all. It is very easy for me to decode someone’s password using that. I tried connecting over SSL, but the remote server would keep closing my connection.

I used to go to the Blogger Developers Area regularly, but it was rarely ever updated. Periods of 2 to 9 months would go by before a new post appeared.

Well, it appears there is a different blog area for developers that I just discovered through the Buzz site by following the DEVELOPERS link at the bottom of the template. This place is updated frequently (about once a week) now. I’m also finding a lot of “real” documentation compared to what had been available before.

Let’s see if the Atom API will actually get some features added (such as the ability to fetch more than the first 10 entries).

Update: Just to show how insecure this new basic authentication scheme is, let me provide you with a sample. With basic authentication, I can not link directly to a post.

http://username:password@www.blogger.com/atom/8179070/111302718644502407

Replacing the username and password near the beginning of that link, I was able to view it with a regular web browser. Posting to that same page would create a new entry. Using the “PUT” method instead would update that entry.

If you are lost, don’t worry. Just to keep it simple, the security is lacking …
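To make the difference between the two schemes concrete, here is an added example (not code from the original post or from Blogger) that builds the Basic `Authorization` value a client derives from a credential-bearing link like the one above, reads the password back out of it, and builds the WSSE `X-WSSE` UsernameToken value for comparison. The username, password, nonce and timestamp are constructed sample values; the digest is computed as Base64(SHA-1(nonce + created + password)), and nonce encoding details vary between implementations.

```python
import base64
import hashlib
from urllib.parse import urlsplit

def credentials_in_url(url):
    """Username and password embedded in a user:pass@host link."""
    parts = urlsplit(url)
    return parts.username, parts.password

def basic_header(username, password):
    """Authorization value sent for HTTP Basic: base64, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token

def recover_basic(header_value):
    """What any observer of a plain-HTTP request can read back."""
    scheme, token = header_value.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def wsse_header(username, password, nonce, created):
    """X-WSSE UsernameToken: carries a salted SHA-1 digest, not the password."""
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return ('UsernameToken Username="%s", PasswordDigest="%s", '
            'Nonce="%s", Created="%s"' % (
                username,
                base64.b64encode(digest).decode(),
                base64.b64encode(nonce).decode(),
                created))

# Constructed sample values (a real client would use os.urandom for the nonce).
URL = "http://alice:s3cret-pw@www.blogger.com/atom/8179070/111302718644502407"
NONCE = bytes.fromhex("d36e316282959a9ed4c89851497a717f")
CREATED = "2005-04-09T12:00:00Z"

if __name__ == "__main__":
    user, password = credentials_in_url(URL)
    header = basic_header(user, password)
    print("Authorization:", header)
    print("Recovered from header:", recover_basic(header))
    print("X-WSSE:", wsse_header(user, password, NONCE, CREATED))
```

The WSSE digest keeps the password itself off the wire, but a captured digest can still be guessed offline against weak passwords, and neither scheme protects the post content. Sending either header only over SSL is what closes the gap.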

3 Responses to “AtomAPI - Revenge of the Myth”

  1. thelonecodeman Says:

    Thanks for that nice post. Good info.

  2. Can you hack this? Says:

    Can you hack this e-mail? dragonl90@hotmail.com

  3. Can you hack this? Says:

    dragonl90@hotmail.com
