Litmus:Web Services: Difference between revisions

Litmus:Web Services (view source)

157 bytes added , 4 August 2006

314

edits

@@ Line 41: / Line 41: @@
 Authentication of the client poses a difficult problem. While it would seem that clients could send an encrypted version of their password to the server, Litmus (like Bugzilla) uses a random secret salt for additional security. Because of this, it is impossible for Litmus to know if a password is correct without having the plaintext version of the password the user entered. As such, we can't just send encrypted passwords over the wire.
-User accounts that will be used for automation must be enabled by an administrator in the edit users interface. Enabling a user for automation assigns them a special authentication token that is used to identify themselves to the server. When submitting testcase data through the automation interface, the user sends their username and their token instead of the their normal Litmus password.
+User accounts that will be used for automation must be enabled by an administrator in the edit users interface. Enabling a user for automation assigns them a special authentication token that is used to identify themselves to the server. When submitting testcase data through the automation interface, the user sends their username and their token instead of the their normal Litmus password. This prevents automation accounts from being used for normal Litmus web login and allows authentication tokens to be shared amongst multiple users/machines.
 === Code-level Details ===