Tera-WURFL Forum

[jhodgski]

Steve, would it be possible for you to add in use authorisation to the remote webservice. E.g., so a customer sends their usernames and passwords...

Code: Select all

require_once('./TeraWurflRemoteClient.php');
$data_format = TeraWurflRemoteClient::$FORMAT_JSON;
$timeout = 1;
$method = TeraWurflRemoteClient::$METHOD_CURL; //other option is $METHOD_URL_WRAPPER
$capabilities = array("resolution_width|xhtml_support_level");
$username = "thisCustomersUsername";
$password = "thisCustomersPassword";
$wurflObj = new TeraWurflRemoteClient('http://mobilewebexpert.co.uk/Tera-WURFL/webservice.php',$data_format,$timeout,$method,$username,$password);
$wurflObj->getCapabilitiesFromAgent(TeraWurflRemoteClient::getUserAgent(),$capabilities);


...with obviously some way of doing the authorisation at the Tera-WURFL backend?

Cheers,
James

[kamermans]

I have certainly considered this in the past, but I have never implemented it. I suppose you could use a .htaccess file to lockdown the webservice.php file, then modify the client to send HTTP auth headers with its request.

[marcguay]

The existing option to limit the IP addresses which can use the service might provide a solution to your problem as well...

[kamermans]

Indeed, the IP restriction should be sufficient for most scenarios. One scenario that it would not solve is where you use a Javascript client, since the IP is that of the visitor. For situations like this, I use fail2ban to monitor the webservice for abuse. This is how I keep the public Tera-WURFL demo webservice from being hammered with requests.