Elgg 1. Find in NLB Library. Creator: Costello, Cash. Edition: 2nd ed.
|Published (Last):||25 December 2011|
|PDF File Size:||17.95 Mb|
|ePub File Size:||1.84 Mb|
|Price:||Free* [*Free Regsitration Required]|
Elgg provides an API for building custom web services. You expose functionality through the web services API by building a plugin and then either publish your API for other developers to build clients or provide your own. Here is a simple example of exposing a method so that a client app can post a status update to the wire in Elgg:.
For more information on that see the Elgg web services wiki page. Tagged elgg , web services. I've run into the nasty problem that Chrome Frame causes to session handling code that uses the user agent in its security.
There are applications that use the user agent string in a hash that sets the signature of a session. Each time the session is loaded using that key, the signature is checked. This catches some session hijacking attempts. Let's assume that an attacker is able to obtain a user's session key and then uses it. There is some probability that the user agent will be different and the attack will fail.
It's a layers of security approach - it doesn't prevent the attack but makes it harder. Of course, if the attacker sniffed the session key, the attacker also has the user agent. If the attacker obtain the session key from the user's computer, the user agent was available there also. So you can see that it is not much of a security feature. There are web applications that use this and this is where Google's Chrome Frame browser addon for IE comes into play.
This extension changes the user agent based on the type of data requested and the method of the request. These user agent changes result in the signature check to fail and the session is regenerated and the user is logged out.
Depending on the site and content, this can appear to be almost random or it can be very consistent log in, log out, log in, log out The solutions are to either drop this security feature or filter the chromeframe string out of the user agent. Tagged chromeframe , google , security.
While Google Analytics may be the most popular analytics service, there are times when you want to use your own hosted solution intranet, control over data. Piwik is a great open source package that provides an impressive set of tools and a very nice look and feel. Using it with Elgg is extremely easy. You can write a plugin to do this in a few minutes as Elgg provides an analytics view in the footer that can be extended.
Tagged analytics , elgg , piwik. If you are using a reverse proxy in front of your web server, the incoming request URLS are for the internal server. This results in the people from the outside getting errors after the getting the initial landing page.
To work around this, I was able to use Piwik's boostrap. This is loaded first for any Piwik page. Tagged php , piwik , reverse proxy.
A new component in Elgg 1. I've written a skeleton example of how plugin authors can use the framework. It can be downloaded here. Tagged elgg , unit tests. For example:. This will write the query to the error log giving you a chance to see what you are doing wrong or if there is a bug in the Elgg framework.
This works fine with versions up to 1. Unknown how this will work on 1. Update: For Elgg 1. This assumes that you have debugging turned off. Tagged elgg. This morning Google Analytics wasn't responding. So many sites use it that it basically slowed down the entire Internet. Tagged google. Someone at work mentioned that Outlook was complaining about an RSS feed. The error message was "The link may not point to a valid RSS source". This was odd because the feed validated and every other feed reader was able to handle it.
Even stranger, Outlook had no issues with the same feed if it was not coming from an https address. After some experimentation, I tracked the problem down to caching. The feed was being generated by a PHP application that was using sessions. By default, PHP sets some http headers to prevent pages from being cached when sessions are used.
The solution was to either turn off session handling when the request was for an RSS feed or change the headers before sent so that caching wasn't turned off. For this application doing the latter was easier.
Tagged outlook , php , rss. The publisher should be making an announcement soon. We'll be sure to mention it on the Elgg blog. The start. You can put web ser Cash Costello. Here is a simple example of exposing a method so that a client app can post a status update to the wire in Elgg: 1.
Session security and Chrome Frame 28 Apr Piwik and Elgg 24 Apr Piwik and Reverse Proxy 17 Feb Elgg Unit Tests 6 Dec When Google Goes Down 3 Oct Recent Comments The publisher should be making an announcement soon.
Oleksis Elgg Unit Tests.
Elgg 1.8 social networking / Cash Costello.
Elgg provides an API for building custom web services. You expose functionality through the web services API by building a plugin and then either publish your API for other developers to build clients or provide your own. Here is a simple example of exposing a method so that a client app can post a status update to the wire in Elgg:. For more information on that see the Elgg web services wiki page. Tagged elgg , web services.
Elgg 1.8 Social Networking