Hi All, We're going to protect all the API calls from EMM client side using OAuth.
I have a concern whether to store the consumer key/secret inside the EMM Agent Application or making it dynamic. We can actually send those 2 when the user authenticates from the mobile client (As the response), and then we can store it inside a private preference (Which is application private). I see this as the safest way because keeping it hardcoded in the source or a file might be extremely easy to hack. So WDYT? Regards, -- Kasun Dananjaya Delgolla Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware Tel: +94 11 214 5345 Fax: +94 11 2145300 Mob: + 94 777 997 850 Blog: http://kddcodingparadise.blogspot.com Linkedin: *http://lk.linkedin.com/in/kasundananjaya <http://lk.linkedin.com/in/kasundananjaya>* -- Kasun Dananjaya Delgolla Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware Tel: +94 11 214 5345 Fax: +94 11 2145300 Mob: + 94 777 997 850 Blog: http://kddcodingparadise.blogspot.com Linkedin: *http://lk.linkedin.com/in/kasundananjaya <http://lk.linkedin.com/in/kasundananjaya>*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev