Louise-Amélie Schmitt wrote:
> Hello everyone,
> These questions are a bit silly but I'm really ignorant when it
> comes to security. Sorry about that.
> Why use API keys instead of user names? Is it to to prevent anyone
> from figuring out who is behind an URL? Or did I miss the point?
To provide a username password, we'd either need to implement HTTP
Authentication in Galaxy for these resources, or encode it in the URL.
If in the URL, the password have to be non-plaintext which would require
encoding on the user's end. The key model seemed to be simplest since
it doesn't require you to handle HTTP Authentication in your client-side
> Also, why encrypt the dataset/library/folder ids when a simple
> display is enough to get them?
Anywhere that the IDs are visible are remnants of old code and should
eventually be removed.
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at: