If it is unique to the app, there could be another security issue. Someone can get our source and authenticate himself with his app, and they are able to download the key from the server.

On Thu, Apr 17, 2014 at 2:12 PM, Chathura Dilan <[email protected]> wrote:

> Is consumer/secret key unique to a user or is it unique to the app?
>
> On Thu, Apr 17, 2014 at 12:20 PM, Chan <[email protected]> wrote:
>
>> +1 to the idea since basic auth will be first used to obtain the consumer
>> secret. But we might have to change the flow from how it usually works.
>>
>> Cheers~
>>
>> On Thu, Apr 17, 2014 at 12:17 PM, Kasun Dananjaya Delgolla <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> We're going to protect all the API calls from EMM client side using
>>> OAuth.
>>>
>>> I have a concern whether to store the consumer key/secret inside the EMM
>>> Agent Application or make it dynamic. We can actually send those 2 when
>>> the user authenticates from the mobile client (as the response), and then
>>> we can store it inside a private preference (which is application private).
>>>
>>> I see this as the safest way because keeping it hardcoded in the source
>>> or a file might be extremely easy to hack. So WDYT?
>>>
>>> Regards,
>>> --
>>> Kasun Dananjaya Delgolla
>>>
>>> Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>> Tel: +94 11 214 5345
>>> Fax: +94 11 2145300
>>> Mob: + 94 777 997 850
>>> Blog: http://kddcodingparadise.blogspot.com
>>> Linkedin: http://lk.linkedin.com/in/kasundananjaya
>>
>> --
>> Chan (Dulitha Wijewantha)
>> Software Engineer - Mobile Development
>> WSO2Mobile
>> Lean.Enterprise.Mobileware
>> ~Email [email protected]
>> ~Mobile +94712112165
>> ~Website dulitha.me <http://dulitha.me>
>> ~Twitter @dulitharw <https://twitter.com/dulitharw>
>> ~Github @dulichan <https://github.com/dulichan>
>> ~SO @chan <http://stackoverflow.com/users/813471/chan>
>
> --
> Regards,
>
> Chatura Dilan Perera
> (Senior Software Engineer - WSO2 Inc.)
> www.dilan.me

--
Regards,

Chatura Dilan Perera
(Senior Software Engineer - WSO2 Inc.)
www.dilan.me

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
