thaond / magento-openerp-smile-synchro

Automatically exported from code.google.com/p/magento-openerp-smile-synchro

use native Magento ACL based security for the PHP webservices #6

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
The connector web services are currently exposed in an unprotected manner
to the world. It is very important that you prevent anyone from connecting to
the webservice page (
http://localhost/magento/app/code/community/Smile_OpenERP_Synchro/openerp-synchro.php
) by tuning your server (probably Apache). Ideally only the OpenERP server
could connect to that page (same as the test page). Using Magento ACL based
webservices would improve that situation a lot. Please don't hesitate to
contribute such an improvement. The Magento webservices API guidelines have
just been published here:
http://www.magentocommerce.com/wiki/doc/webservices-api/custom-api

Any taker?

Original issue reported on code.google.com by rva...@gmail.com on 9 Aug 2008 at 3:40
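
One way to apply the server-side restriction described in the report above, as an added example that is not part of the original thread or the project's code. It assumes Apache 2.4 and uses 192.0.2.10 as a placeholder for the OpenERP server's address; the file name comes from the URL in the report.

```apache
# Added example: placed in the server or virtual host configuration.
# 192.0.2.10 is a placeholder for the OpenERP server's address.
<Files "openerp-synchro.php">
    # Only the OpenERP server may reach the connector page;
    # every other client receives 403 Forbidden.
    Require ip 192.0.2.10
</Files>

# Apache 2.2 equivalent (mod_authz_host):
# <Files "openerp-synchro.php">
#     Order deny,allow
#     Deny from all
#     Allow from 192.0.2.10
# </Files>
```

The same kind of block is needed for the test page mentioned in the report, whose file name is not given in this thread. If Magento sits behind a reverse proxy, Apache sees the proxy's address, so the restriction has to be enforced at the proxy instead.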

GoogleCodeExporter commented 8 years ago
Hi, since version 0.9.7, we mostly use the native Magento webservices instead of
custom code. Custom code is now only used to retrieve sale orders. This is
potentially unsafe if you don't prevent anyone from connecting to Magento. It is
still unclear if we could use the Magento API to retrieve sale orders, as I'm not
sure sale order lines are included or even properly referenced.

Still, as most of the PHP code has been dropped in favor of the native webservice
API, I'm setting a low priority to this now. Still, feel free to help us to
completely switch to the native Magento API, even for sale orders.

Original comment by rva...@gmail.com on 16 Sep 2008 at 10:25

GoogleCodeExporter commented 8 years ago

Original comment by rva...@gmail.com on 16 Sep 2008 at 10:26

GoogleCodeExporter commented 8 years ago

Original comment by rva...@gmail.com on 17 Sep 2008 at 10:51

GoogleCodeExporter commented 8 years ago
We are almost done with that one folks; the PHP part at least is done, see bzr
logs, will hopefully be over in the very next days! Stay tuned.

Raphaël Valyi

Original comment by rva...@gmail.com on 8 Jun 2009 at 11:36

GoogleCodeExporter commented 8 years ago
I might be overlooking something here, but the bzr on Launchpad shows the last
change to be somewhere in March. (
http://bazaar.launchpad.net/%7Eopenerp-commiter/openobject-addons/trunk-extra-addons/files/head%3A/magento_openerp_synchro/
)

Am I looking in the wrong place?

Original comment by mvanderb...@gmail.com on 5 Jul 2009 at 10:59

GoogleCodeExporter commented 8 years ago
thx rvalyi, you guys have been doing terrific stuff! So does your appspot!

Original comment by lanshunf...@gmail.com on 13 Aug 2009 at 2:32