[dev] YQL and horde
    roman stachura 
    roman at stachura.ch
       
    Mon Nov 22 08:47:27 UTC 2010
    
    
  
On 21.11.2010 04:32, Chuck Hagenbuch wrote:
> Quoting roman stachura <roman at stachura.ch>:
>
>> Hi There
>>
>> before I go for a pull request on "yql open tables" 
>> (https://github.com/yql/yql-tables)
>> I let the horde folks play with it.
>>
>> The final draft should only be accessible over https:// . (passwords)
>
Hi Chuck
> Can you explain which servers passwords actually go through if one 
> uses this?
The username and password for accessing the horde framework.
This could be any horde username/password.
The horde credentials are encoded as Base64 in the yql tables with 
JavaScript for the headers:
    // HTTP Basic auth: Base64 of "username:password" (an encoding, not encryption)
    var credential = y.crypto.encodeBase64(username + ":" + password);
    var myRequest  = y.rest(url);
    myRequest.header("Authorization", "Basic " + credential);
For more info on Executing JavaScript in Open Data Tables, see 
<http://developer.yahoo.com/yql/guide/yql-execute-chapter.html>
This header gets cached on the Yahoo server. You can extend the lifespan 
of this header up to 3600sec.
The results returned from horde get cached as well.
To protect the conversation yql comes with built-in ssl.
There are different scenarios for how you can use yql.
For testing and development, you go for the console:
- http://developer.yahoo.com/yql/console/
In an application:
- javascript --> 
  http://derekville.net/2010/how-to-secure-oauth-in-javascript/
  http://nagiworld.net/2010/03/keeping-secrets-safe-with-yql-storage
- php --> curl 
  http://developer.yahoo.com/yql/guide/yql-code-examples.html#yql_php
- python etc...
So even in a pure JavaScript environment it's possible to protect/hide 
the password/username.
-roman
>
> -chuck
>
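The header built in the message above is reversible by anyone who holds it, including a cache. The following is an added example, not part of the original post or of the YQL table: it uses Node.js `Buffer` as a stand-in for `y.crypto.encodeBase64`, and the host name and credentials are constructed.

```javascript
// Build the Basic header as the open table does, but refuse non-https
// endpoints, because the header is only an encoding of the credentials.
function buildBasicHeader(url, username, password) {
  if (new URL(url).protocol !== "https:") {
    throw new Error("refusing to send Basic credentials to " + url);
  }
  if (username.includes(":")) {
    // RFC 7617: the user-id must not contain a colon
    throw new Error("username must not contain ':'");
  }
  const credential = Buffer.from(username + ":" + password, "utf8")
    .toString("base64");
  return "Basic " + credential;
}

// What any holder of the header (cache entry, proxy log) can recover.
function parseBasicHeader(header) {
  const m = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":"); // split at the FIRST colon only
  if (i < 0) return null;
  return { username: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Copy a header map with the credential removed, for safe logging.
function redactAuthorization(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] =
      name.toLowerCase() === "authorization" ? "Basic [redacted]" : value;
  }
  return out;
}

// Constructed sample values (hypothetical host and account).
const demoHeader = buildBasicHeader(
  "https://horde.example.org/rpc.php", "alice", "s3cret:with:colons");
console.log(parseBasicHeader(demoHeader));
console.log(redactAuthorization({ Authorization: demoHeader, Accept: "*/*" }));
```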