When using the SIGNED authorization type in a "makeRequest()" call, the signature that are sent in the request parameters url are logged in our Web Server log file. So, if someone (maybe a bad person) accesses these logs, they could use this URL to send a direct access to my application and obtaining the "trusted" content. In time, if someone is "eyesdropping" my network perimeter, they could obtain this url too.
Is that right? If yes, is there some workarounds to do this transaction secure? Thanks, Luciano R. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
