Tera-WURFL Forum

Steve, would it be possible for you to add in use authorisation to the remote webservice. E.g., so a customer sends their usernames and passwords...

Code: Select all

require_once('./TeraWurflRemoteClient.php');
$data_format = TeraWurflRemoteClient::$FORMAT_JSON;
$timeout = 1;
$method = TeraWurflRemoteClient::$METHOD_CURL; //other option is $METHOD_URL_WRAPPER
$capabilities = array("resolution_width|xhtml_support_level");
$username = "thisCustomersUsername";
$password = "thisCustomersPassword";
$wurflObj = new TeraWurflRemoteClient('http://mobilewebexpert.co.uk/Tera-WURFL/webservice.php',$data_format,$timeout,$method,$username,$password);
$wurflObj->getCapabilitiesFromAgent(TeraWurflRemoteClient::getUserAgent(),$capabilities);


...with obviously some way of doing the authorisation at the Tera-WURFL backend?

Cheers,
James

I have certainly considered this in the past, but I have never implemented it. I suppose you could use a .htaccess file to lockdown the webservice.php file, then modify the client to send HTTP auth headers with its request.

The existing option to limit the IP addresses which can use the service might provide a solution to your problem as well...

Indeed, the IP restriction should be sufficient for most scenarios. One scenario that it would not solve is where you use a Javascript client, since the IP is that of the visitor. For situations like this, I use fail2ban to monitor the webservice for abuse. This is how I keep the public Tera-WURFL demo webservice from being hammered with requests.