My practice has been, when withdrawing money from an ATM machine, to pocket a paper receipt until such time as I find myself before my computer and may record the transaction.
So I made another App Engine service that lets me enter ATM withdrawals into a database,
,and publishes monthly accounts as XML,
,which are then consumed by Google spreadsheets' ImportXML() function:
I called it "A.T.Them," and once I had it working, I added an endpoint to handle Zeep operations. Now when I withdraw money, I can decline the offer of a paper receipt, saving some trees, and text "atthem 61.50" or whatever and it will pop up right in my spreadsheet.
I can't figure out how to post the source without Blogger mangling the HTML, but it's all trivial in any case. One note is that ImportXML() doesn't do any kind of authentication, so the monthly lists of all my ATM withdrawals are not protected by anything beyond my keeping the URI's at which they may be found a secret.
Likewise (and this vulnerability, such as it is, applies equally to any Zeep service), someone who knew the URI that handles Zeep requests and my Zeep subscriber ID could impersonate "atthem" messages and populate my spreadsheet with junk. It's easy enough to add some sort of challenge and response to Zeep operations, but I didn't bother.
No comments:
Post a Comment