[Developers] Questions about the login service

Tim Kientzle tim at metaweb.com
Fri Apr 4 23:25:00 UTC 2008 

David,

1.  Yes, it does work with GET and yes that is stable.  We recommend  
using POST---especially for browser-based applications---but recognize  
that GET is often a great simplification for script authors.

2. The metaweb-user cookie is currently the only one that must be  
preserved.  I do not expect that to ever change.

3. There are plans to make the login service support https but there  
aren't any immediate plans to support https for other services.  We  
will soon start enforcing a limited lifetime (probably on the order of  
days) on cookies so that cookies aren't quite the same as passwords.   
(This lifetime would be enforced at the server, of course.)

Cheers,

Tim Kientzle


On Apr 4, 2008, at 11:23 AM, David Flanagan wrote:

> Hi,
>
> Before I start asking too many more questions, I should introduce
> myself:  I'm the original author of the MQL documentation at
> http://www.freebase.com/view/en/documentation, and I'm now working to
> bring it up to date.  So I'll probably be posting a number of  
> questions
> here...
>
> Today, I'm wondering about the login service.
>
> 1) I original documented it as POST only, but now it works with GET as
> well. Is that stable?  Can I document it?
>
> 2) In my documentation I do some hand-waving about which of the  
> cookies
> returned by login is necessary for services that require login, and I
> just say that you have to pass all cookies returned by login to the
> services that expect cookies.  I'd guess that that is no longer the
> case.  Is it okay to just pass the metaweb-user cookie?  Or is the
> metaweb-user-info cookie the correct one?
>
> 3) Are there plans to make the login service support https?  And if  
> so,
> will the mqlwrite and upload services also support https?  Otherwise
> passwords and cookies (which are almost as good as cookies) are being
> passed around as cleartext, which means that there aren't any really
> strong guarantees against freebase identity theft.
>
> Thanks!
>
> 	David Flanagan
> _______________________________________________
> Developers mailing list
> Developers at freebase.com
> http://lists.freebase.com/mailman/listinfo/developers

More information about the Developers mailing list