I'm building an extra layer on top of Movable Type for integration with another system. Part of this involves pre-processing and filtering requests before they get to the MT scripts (comment control, translating external users into MT users etc).
For example, new comments to posts are submitted to a script in the new layer before requests are passed on to mt-comments.cgi. In this instance, I'm denying access to mt-comments.cgi from all but a specific IP as I don't want people being able to post new comments 'directly'.
I'd like to know the general purpose of all mt-*.cgi scripts such that I can deny access to those not relevant and control access to all others.
The mt-*.cgi scripts I have, along with their (estimated) purpose, are:
*Script* *Private access?* *Purpose* mt-add-notify.cgi ? ? mt-atom.cgi ? ? mt.cgi Yes Main MT engine mt-check.cgi ? ? mt-comments.cgi Yes Handles inbound new comments mt-config.cgi Yes Stores main MT configuration mt-feed.cgi ? ? mt-ftsearch.cgi ? ? mt-search.cgi Yes Handles search requests, returns results mt-tb.cgi ? ? mt-testbg.cgi ? ? mt-upgrade.cgi Yes Upgrade tool mt-wizard.cgi Yes Setup/config wizard mt-xmlrpc.cgi ? ?
I'd appreciate answers to fill in the blanks.
By 'private access', I mean: can access be limited (e.g. via .htaccess) to a known set of IPs only? The inverse of this being: must access be available to all IPs?
Answers clearly elaborating on the purpose and use of a script, such that it may be of use to others, are always welcome.
Thanks very much to anyone who can help!
I've filled in the purpose on each of these. I'm pretty sure everything can be private as long as you proxy requests properly, but not positive. Some of these scripts can (and should) be blocked out completely.
*Script* *Private access?* *Purpose*
mt-add-notify.cgi ? Provide Movable Type email notification support
mt-atom.cgi ? An Atom Publishing API interface for communicating with Movable Type.
mt.cgi Yes Main MT engine
mt-check.cgi ? Determines whether you have all of the components you need to run Movable Type
mt-comments.cgi Yes Handles inbound new comments
mt-config.cgi Yes Stores main MT configuration
mt-feed.cgi ? Movable Type application for producing activity feeds.
mt-ftsearch.cgi ? Freetext search
mt-search.cgi Yes Handles search requests, returns results
mt-tb.cgi ? Handles blog trackbacks
mt-testbg.cgi ? Tests for background tasks
mt-upgrade.cgi Yes Upgrade tool
mt-wizard.cgi Yes Setup/config wizard
mt-xmlrpc.cgi ? XML RPC interface (external blog tool posting)
I knew a few of these, but the easiest way to find out what each does is crack open the file and see which Perl module it calls (such at MT::Trackback), then run perldoc lib/MT/Trackback.pm for each. It will give you all sorts of information about what each script can do.