views:

47

answers:

1

Wondering what the best method is for communicating between a 10.5/10.6+ System Preference Pane application to our php5 web application.

The Preference Pane application that we've yet to develop will allow the client to authenticate to our online services, then allow them to control how their local client is backed up to our online backup facilities.

Such far, for example; we've created a testing Preference Pane app that takes the username & password, performs a sha256 hash of the password and POSTS it to an URL like: https://development.private/app.php?username=cleartext&password=sha256hash - once our application responds correctly, the Preference Pane application then pushes all options enabled/disabled via further POSTS calls like: https://development.private/app.php?option1=enable&option2=something.

So the questions are: What is the best way to authenticate the user to our online services? Should we be sending some type of hash token from our web app to the Preference Pane application? and is performing HTTPS POSTS between the two applications the best way to handle this type of communication?

Open to suggestions.

A: 

yes, it's possible to send a token from the web app back to the pref pane, that is, to use sessions, but given that you're using secure connection anyways, i wouldn't bother and just send user's credentials along with every request, within the POST data (app.php?user=...&password=...&data=...) or, better, in the request header (see http://en.wikipedia.org/wiki/Digest_access_authentication).

stereofrog