Litmus:Web Services: Difference between revisions

Line 41: Line 41:
Authentication of the client poses a difficult problem. While it would seem that clients could send an encrypted version of their password to the server, Litmus (like Bugzilla) uses a random secret salt for additional security. Because of this, it is impossible for Litmus to know if a password is correct without having the plaintext version of the password the user entered. As such, we can't just send encrypted passwords over the wire.  
Authentication of the client poses a difficult problem. While it would seem that clients could send an encrypted version of their password to the server, Litmus (like Bugzilla) uses a random secret salt for additional security. Because of this, it is impossible for Litmus to know if a password is correct without having the plaintext version of the password the user entered. As such, we can't just send encrypted passwords over the wire.  


User accounts that will be used for automation must be enabled by an administrator in the (to be created) edit users interface. Enabling a user for automation assigns them a randomly generated token that is used to identify themselves to the server. When submitting testcase data through the automation interface, the user sends their username and their token instead of the their normal Litmus password.
User accounts that will be used for automation must be enabled by an administrator in the edit users interface. Enabling a user for automation assigns them a special authentication token that is used to identify themselves to the server. When submitting testcase data through the automation interface, the user sends their username and their token instead of the their normal Litmus password.


=== Code-level Details ===
=== Code-level Details ===
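Review bot: In the changed automation paragraph, replacing "randomly generated token" with "special authentication token" drops the only statement of how the token is produced. That property matters here because the token is sent with the username in place of the Litmus password. Suggest wording such as "a randomly generated authentication token" so the property stays documented. The new line also carries over the typo "instead of the their normal Litmus password". Dropping "(to be created)" reads as a claim that the edit users interface now exists, so confirm that it does before keeping that wording.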