> Now, while the amaroK server <-> Wikipedia server is locked by a secret
key, the amaroK client <-> amaroK server probably isn't. Anybody can
make a request to the amaroK server, claiming to be amaroK -- an abuse
then DoSs the entire amaroK user base when it hits the maximum requests
for the amaroK key. <<
> Well, that just pushes the problem from one server to another. It
doesn't change the overall analysis I gave. <<
I would phrase it as pushing the problem from Wikipedia to the app provider.
Your statement about the client/amaroK key security as being "probably
insecure" is speculation, and ultimately, that isn't Wikipedia's problem.
You obviously have no control over other people's server or key security,
and trying to secure public information is generally impossible anyway.
People will find a way around the limitations of a public API. Google's
webservices API makes it easy to query and parse the results, but Google's
HTML page returns are very clean and easy to parse anyway, making it simple
to build a webservice that just scrapes the page.
Wikipedia is also clean HTML, and a scraper is simple to make. But you have
to ignore those sorts of people. Make it easy for legit users to access what
they need and ignore the people that are going to ignore your rules anyway.
Introduce stricter controls when it becomes clearly necessary, but not
before.
- MHart
- http://taxalmanac.org