No More HTTP Authentication

Well, it’s official. webpad 3.0 will now use integrated, session-based authentication for users, rather than HTTP Authentication. I’ve changed to this in large part to allow me to use it in CGI mode (which, incidentally, works wonderfully), so webpad is even more portable now. In fact, if you have PHP running in CGI mode, I will be reccommending that you run webpad under that mode.

With the new integrated authentication, when you hit webpad you are presented with a log in screen, where you enter a username/password as normal, then continue to the actual application.

I’m also currently looking at templating (thanks to a previous hack that Brad Choate made to webpad 2.0 which allowed it to selectively edit the contents of a file, only within certain regions (denoted by webpad tags of some sort). I will have this functionality included in the official release of webpad 3.0 Personal Edition, and it will definitely be a part of the Professional release.

Things may have been quiet, but they’re not completely dead! ๐Ÿ™‚

API Problem Fixed

Thanks to a suggestion from Bill, I found the problem that AvantBlog has been having when attempting to authenticate with the servers… basically they moved their servers!.

As Robert discovered in this post, the server that responds to API requests moved from to, so basically I was posting authentication requests to a server that didn’t exist. This has been rectified now and it appears to be operating properly.

Enjoy your blogging folks ๐Ÿ™‚

AvantBlog Authentication Work-around

I’ve posted details of an authentication problem work-around for AvantBlog. Basically the problem arises because AvantGo appears to expire sessions after about 24 hours whether you want them to or not (correct me if I’m wrong here anyone…)

To get around this, you can easily configure your AvantBlog channel to pass your username and password along with each request for the channel, as per these instructions;

  1. Go to and log in using your *AvantGo* details
  2. Click the “My Device” tab on the left
  3. Click your “AvantBlog” channel to modify its settings
  4. In the “Location” box, add the following onto the end of the address “?username=USER&password=PASS” (no quotes), where USER is replaced with your username, and PASS is replaced with your password.
  5. Save the details (“Save Channel”) and exit AvantGo’s website
  6. Synch your handheld again – you should find that you are now automatically logged into AvantBlog, and this should continue each time you synch, whether you post or not!

I’ll also post my warning that went with the mailing list email I sent out here;

Obviously, this method means that your channel is defined using your actual username and password, in plain text. These details are passed ‘over-the-wire’ in plain txt, so this is not particularly secure. The chances of someone exploiting this are minimal, however if your blog contains any sensitive information or is of a secure nature of any sort, I do not recommend that you configure AvantBlog using this method.