I think we could use a technique like "Image Steganography" [1] to store the consumer key/secret inside the application so it would be difficult to hack. For the image we can use something like the application logo so it won't get much attention. On the other hand, we could modify the steganography algorithm and make it much more secure.

[1]. http://en.wikipedia.org/wiki/Steganography

Best Regards,
Lakshitha Harshan
Software Engineer
Mobile: +94724423048
Email: [email protected]
Blog: http://harshanliyanage.blogspot.com/
WSO2, Inc.: wso2.com <http://wso2.com/>
lean.enterprise.middleware.

On Thu, Apr 17, 2014 at 2:21 PM, Chathura Dilan <[email protected]> wrote:

> If it is unique to the app, there could be another security issue. Someone
> can get our source and authenticate himself with his app, and they are able
> to download the key from the server.
>
> On Thu, Apr 17, 2014 at 2:12 PM, Chathura Dilan <[email protected]> wrote:
>
>> Is consumer/secret key unique to a user or is it unique to the app?
>>
>> On Thu, Apr 17, 2014 at 12:20 PM, Chan <[email protected]> wrote:
>>
>>> +1 to the idea since basic auth will be first used to obtain the
>>> consumer secret. But we might have to change the flow from how it usually
>>> works.
>>>
>>> Cheers~
>>>
>>> On Thu, Apr 17, 2014 at 12:17 PM, Kasun Dananjaya Delgolla <
>>> [email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We're going to protect all the API calls from EMM client side using
>>>> OAuth.
>>>>
>>>> I have a concern whether to store the consumer key/secret inside the
>>>> EMM Agent Application or making it dynamic. We can actually send those 2
>>>> when the user authenticates from the mobile client (as the response), and
>>>> then we can store it inside a private preference (which is application
>>>> private).
>>>>
>>>> I see this as the safest way because keeping it hardcoded in the source
>>>> or a file might be extremely easy to hack. So WDYT?
>>>>
>>>> Regards,
>>>> --
>>>> Kasun Dananjaya Delgolla
>>>>
>>>> Software Engineer
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>> Tel: +94 11 214 5345
>>>> Fax: +94 11 2145300
>>>> Mob: + 94 777 997 850
>>>> Blog: http://kddcodingparadise.blogspot.com
>>>> Linkedin: http://lk.linkedin.com/in/kasundananjaya
>>>
>>> --
>>> Chan (Dulitha Wijewantha)
>>> Software Engineer - Mobile Development
>>> WSO2Mobile
>>> Lean.Enterprise.Mobileware
>>> ~Email [email protected]
>>> ~Mobile +94712112165
>>> ~Website dulitha.me <http://dulitha.me>
>>> ~Twitter @dulitharw <https://twitter.com/dulitharw>
>>> ~Github @dulichan <https://github.com/dulichan>
>>> ~SO @chan <http://stackoverflow.com/users/813471/chan>
>>
>> --
>> Regards,
>>
>> Chatura Dilan Perera
>> (Senior Software Engineer - WSO2 Inc.)
>> www.dilan.me
>
> --
> Regards,
>
> Chatura Dilan Perera
> (Senior Software Engineer - WSO2 Inc.)
> www.dilan.me

_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
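
The enrollment flow proposed at the start of this thread (basic auth first, consumer key/secret returned in the response), sketched server-side as an added example that is not from the thread or from the EMM code base. It assumes the key/secret is unique per user and device, which makes a leaked pair attributable and revocable; `enroll`, `verify_client`, `revoke_device`, the in-memory stores and the sample user are all hypothetical.

```python
import base64, hashlib, hmac, secrets

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store: username -> (salt, password hash).
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _pw_hash("correct horse", _SALT))}

# Issued OAuth clients: consumer_key -> record. Only a hash of the secret is kept.
CLIENTS = {}

def check_basic_auth(header: str):
    """Return the username for a valid 'Basic <b64>' header, else None."""
    try:
        scheme, token = header.split(" ", 1)
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    if scheme.lower() != "basic" or user not in USERS:
        return None
    salt, expected = USERS[user]
    return user if hmac.compare_digest(_pw_hash(password, salt), expected) else None

def enroll(header: str, device_id: str):
    """Issue a consumer key/secret bound to one user and one device."""
    user = check_basic_auth(header)
    if user is None:
        return None
    key, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    CLIENTS[key] = {"user": user, "device": device_id, "revoked": False,
                    "secret_hash": hashlib.sha256(secret.encode()).digest()}
    # The agent would store this pair in its application-private preferences.
    return key, secret

def verify_client(key: str, secret: str) -> bool:
    """Check a presented key/secret against the issued, non-revoked clients."""
    rec = CLIENTS.get(key)
    if rec is None or rec["revoked"]:
        return False
    presented = hashlib.sha256(secret.encode()).digest()
    return hmac.compare_digest(presented, rec["secret_hash"])

def revoke_device(user: str, device_id: str) -> int:
    """Revoke every client issued to this user's device; return how many."""
    hits = [r for r in CLIENTS.values()
            if r["user"] == user and r["device"] == device_id and not r["revoked"]]
    for rec in hits:
        rec["revoked"] = True
    return len(hits)
```

Because nothing is shipped inside the application package, there is no embedded secret to extract, and revoking one device leaves the user's other enrollments working.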
