Marlinc
commented
12 years ago How are we going to protect this? Using a kind of login? Because it would be very insecure if someone who is not a team member could create certificates.
Open dennisdegryse opened 12 years ago
Marlinc
commented
12 years ago How are we going to protect this? Using a kind of login? Because it would be very insecure if someone who is not a team member could create certificates.
dennisdegryse
commented
12 years ago Good point. We'll need to add an inputbox that asks for the password, then creates a hash from the password and sends it with the link. Here's an implementation of SHA-1 for JS: http://www.movable-type.co.uk/scripts/sha1.html
JSON API that inserts new certifications by giving the server tld, world number, player id and ambassador id (as POST parameters). The API must return a JSON string that contains the id of the new certificate.
This JSON API is to be used in the ambassador validation script.