[Piwik-hackers] Separate controller for API calls?

Daniel Blanco daniel.blanco at irisalerts.com
Wed Jul 23 08:46:36 CEST 2008 

Hi Matthieu,

Hhow can I prevent an authorized user to log in in the application?
I have Piwik integrated in a Drupal site for statistics, but I render 
the graphics I need inside a Druapl page (without letting the user login 
in Piwik)
Each time a user creates an account in the site, the same account is 
created in Piwik, and I create a Piwik site for each one of that user's 
contents (widgets)
The Piwik user and passwords are the same as for the Drupal account, so 
any user could access.

Thanks!

Dani


Matthieu Aubry escribió:
>
> Why do you IP restrict when you could use the  token_auth restriction?
>
> px wrote:
>> ++to a different controller for API
>>
>> Daniel Blanco wrote:
>>   
>>> Hi!
>>> I think it would be nice if the API calls were made against a different
>>> controller than index.php, in the same way the tracking js sends the
>>> tracking info to piwik.php.
>>> For example, having a separate file like api.php, will allow us to
>>> restrict the backend access to a certain IP address, but still permit
>>> the API calls to be made from any IP.
>>>
>>> What I've done to solve this is to create  a "proxy" that recieves the
>>> API calls and forwards them to the index.php which is locked by the
>>> .htacces and only accepts
>>> requests from localhost, while that "proxy" accepts connections from
>>> everywhere.
>>>
>>> What do you think? Is a good or bad idea?
>>>
>>> Thanks for this great tool that is helping us a lot with stats!!
>>>
>>> Dani
>>> _______________________________________________
>>> Piwik-hackers mailing list
>>> Piwik-hackers at piwik.org
>>> http://lists.piwik.org/cgi-bin/mailman/listinfo/piwik-hackers
>>>    
>>>     
>>
>> _______________________________________________
>> Piwik-hackers mailing list
>> Piwik-hackers at piwik.org
>> http://lists.piwik.org/cgi-bin/mailman/listinfo/piwik-hackers
>>
>>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Piwik-hackers mailing list
> Piwik-hackers at piwik.org
> http://lists.piwik.org/cgi-bin/mailman/listinfo/piwik-hackers
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.piwik.org/pipermail/piwik-hackers/attachments/20080723/3803a32a/attachment.htm

More information about the Piwik-hackers mailing list