Discussion Forum: Thread 135256 |
|
|
| | Author: | bb219749 | Posted: | Jul 3, 2012 14:04 | Subject: | A special "key" to download inventories/WL's | Viewed: | 177 times | Topic: | Suggestions | Status: | Open | Vote: | [Yes|No] | |
|
| I have an idea for the new BrickLink, maybe even for the current BrickLink.
I was thinking, how about a function in BL's software that generated some sort
of "key" created for your account that allows you to send it to the server via
an XML HTTP Request and it lets you download your inventory and maybe even your
wanted list(s) remotely?
You know, so you don't need to send your Username and Password to the server
or enter them into a program (even though I trust BrickStore).
For example, if you sent a cookie like so:
"isPw=hashed password; isUserID=your user id number"
to BL's "/invExcelFinal.asp" page, you could download your inventory without
using your browser. However, you can't do that anymore as Admin changed the
cookies -- but it is probably for the better.
|
|
|
| | | | | |
| | | | Author: | Rolf | Posted: | Jul 3, 2012 15:03 | Subject: | Re: A special "key" to download inventories/WL's | Viewed: | 54 times | Topic: | Suggestions | |
|
| In Suggestions, _JDB writes:
| I have an idea for the new BrickLink, maybe even for the current BrickLink.
I was thinking, how about a function in BL's software that generated some sort
of "key" created for your account that allows you to send it to the server via
an XML HTTP Request and it lets you download your inventory and maybe even your
wanted list(s) remotely?
You know, so you don't need to send your Username and Password to the server
or enter them into a program (even though I trust BrickStore).
For example, if you sent a cookie like so:
"isPw=hashed password; isUserID=your user id number"
to BL's "/invExcelFinal.asp" page, you could download your inventory without
using your browser. However, you can't do that anymore as Admin changed the
cookies -- but it is probably for the better.
|
Problem with that is that you can now rip info from any user store that way.
|
|
|
| | | | | | | | | |
| | | | | | Author: | Rolf | Posted: | Jul 3, 2012 15:03 | Subject: | Re: A special "key" to download inventories/WL's | Viewed: | 47 times | Topic: | Suggestions | |
|
| In Suggestions, Rolf writes:
| In Suggestions, _JDB writes:
| I have an idea for the new BrickLink, maybe even for the current BrickLink.
I was thinking, how about a function in BL's software that generated some sort
of "key" created for your account that allows you to send it to the server via
an XML HTTP Request and it lets you download your inventory and maybe even your
wanted list(s) remotely?
You know, so you don't need to send your Username and Password to the server
or enter them into a program (even though I trust BrickStore).
For example, if you sent a cookie like so:
"isPw=hashed password; isUserID=your user id number"
to BL's "/invExcelFinal.asp" page, you could download your inventory without
using your browser. However, you can't do that anymore as Admin changed the
cookies -- but it is probably for the better.
|
Problem with that is that you can now rip info from any user store that way.
|
Ah missed the hashed password part. Dunno how well it would work.
|
|
|
| | | | | | | | | |
| | | | | | Author: | bb219749 | Posted: | Jul 3, 2012 15:12 | Subject: | Re: A special "key" to download inventories/WL's | Viewed: | 41 times | Topic: | Suggestions | |
|
| In Suggestions, Rolf writes:
| In Suggestions, _JDB writes:
| I have an idea for the new BrickLink, maybe even for the current BrickLink.
I was thinking, how about a function in BL's software that generated some sort
of "key" created for your account that allows you to send it to the server via
an XML HTTP Request and it lets you download your inventory and maybe even your
wanted list(s) remotely?
You know, so you don't need to send your Username and Password to the server
or enter them into a program (even though I trust BrickStore).
For example, if you sent a cookie like so:
"isPw=hashed password; isUserID=your user id number"
to BL's "/invExcelFinal.asp" page, you could download your inventory without
using your browser. However, you can't do that anymore as Admin changed the
cookies -- but it is probably for the better.
|
Problem with that is that you can now rip info from any user store that way.
|
I was thinking about that, but now that you mention it, this could be used for
malicious purposes. I was kind of hoping people would just cross check the inventory
with their wanted lists (but then again, you can do that now).
How about making that key private and changeable by the seller (by being assigned
a new one) whenever they choose?
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | dvsntt | Posted: | Jul 3, 2012 15:22 | Subject: | Re: A special "key" to download inventories/WL's | Viewed: | 38 times | Topic: | Suggestions | |
|
| In Suggestions, _JDB writes:
| In Suggestions, Rolf writes:
| In Suggestions, _JDB writes:
| I have an idea for the new BrickLink, maybe even for the current BrickLink.
I was thinking, how about a function in BL's software that generated some sort
of "key" created for your account that allows you to send it to the server via
an XML HTTP Request and it lets you download your inventory and maybe even your
wanted list(s) remotely?
You know, so you don't need to send your Username and Password to the server
or enter them into a program (even though I trust BrickStore).
For example, if you sent a cookie like so:
"isPw=hashed password; isUserID=your user id number"
to BL's "/invExcelFinal.asp" page, you could download your inventory without
using your browser. However, you can't do that anymore as Admin changed the
cookies -- but it is probably for the better.
|
Problem with that is that you can now rip info from any user store that way.
|
I was thinking about that, but now that you mention it, this could be used for
malicious purposes. I was kind of hoping people would just cross check the inventory
with their wanted lists (but then again, you can do that now).
How about making that key private and changeable by the seller (by being assigned
a new one) whenever they choose?
|
What is the purpose for avoiding proper authentication?
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | bb219749 | Posted: | Jul 3, 2012 15:35 | Subject: | Re: A special "key" to download inventories/WL's | Viewed: | 64 times | Topic: | Suggestions | |
|
| In Suggestions, dvsntt writes:
| In Suggestions, _JDB writes:
| In Suggestions, Rolf writes:
| In Suggestions, _JDB writes:
| I have an idea for the new BrickLink, maybe even for the current BrickLink.
I was thinking, how about a function in BL's software that generated some sort
of "key" created for your account that allows you to send it to the server via
an XML HTTP Request and it lets you download your inventory and maybe even your
wanted list(s) remotely?
You know, so you don't need to send your Username and Password to the server
or enter them into a program (even though I trust BrickStore).
For example, if you sent a cookie like so:
"isPw=hashed password; isUserID=your user id number"
to BL's "/invExcelFinal.asp" page, you could download your inventory without
using your browser. However, you can't do that anymore as Admin changed the
cookies -- but it is probably for the better.
|
Problem with that is that you can now rip info from any user store that way.
|
I was thinking about that, but now that you mention it, this could be used for
malicious purposes. I was kind of hoping people would just cross check the inventory
with their wanted lists (but then again, you can do that now).
How about making that key private and changeable by the seller (by being assigned
a new one) whenever they choose?
|
What is the purpose for avoiding proper authentication?
|
You mean logging in properly? I was thinking about how BrickStore downloads
your own inventory -- it logs into BL using the login form. It seems whenever
I log in, I get sent to MyBrickLink, so I was looking for a way around that.
|
|
|
|
|
|
|