Downloading public details of users as a guest

Gabor Szabo gabor at szabgab.com
Thu Apr 4 01:58:42 CEST 2013


On Tue, Apr 2, 2013 at 11:26 PM, Sébastien Aperghis-Tramoni
<sebastien at aperghis.net> wrote:

> It's a simple shared secret; the handler just checks if the key exists in the config:
> » https://github.com/book/Act/blob/master/lib/Act/Handler/WebAPI.pm#L45
>
> And yes, you can define it in your local act.ini
>
>> I tried to configure the API key for the ILPW2013 but it seems my svn
>> commits are not deployed
>> to the live site. Is something broken on the act server or am I doing
>> something wrong?
>
>
> No, that's normal behavior: closed conferences only get svn-updated once per day, at midnight.
>

OK, so after waiting the right amount of time I see the site got
updated and I can use the API_key
with the ILPW2013 site.

If I understand this correctly I still need to ask each conference
organizer to add an API_key, right?

If they put a key in then anyone can get any of the fields listed in
https://github.com/book/Act/blob/master/lib/Act/Handler/WebAPI.pm#L12
including fields that are otherwise not public such as 'email',
'address', 'vat' and maybe a few others. (I am happy to see that
passwd is not among them.)

If that's true, can Act administrators still allow this without giving
out private information?

Gabor

