[
https://issues.apache.org/jira/browse/SHINDIG-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eiji Kitamura updated SHINDIG-1116:
-----------------------------------
Component/s: PHP
Description:
Consumer Key and Secret for OAuth are assumed to be indexed using gadget url,
currently.
But if you think of a case where multiple people share same gadget, consumer
key / secret will be shared too, and it is not good.
For example, our container is planning to have UI for developers to input their
consumer key / secret for a gadget. But if they are indexed using only gadget
url, key / secret will be exposed to someone else by trying the same gadget
url. Thus, it's better consumer key / secret pair are indexed using gadget id.
Affects Version/s: 1.0.1
1.1-RC1
1.1-BETA2
1.1-BETA1
1.0
Summary: Consumer Key and Consumer Secret for OAuth should be
indexed using Gadget ID (was: Consumer Key and Consumer Secret for OAuth
should be indexed )
> Consumer Key and Consumer Secret for OAuth should be indexed using Gadget ID
> ----------------------------------------------------------------------------
>
> Key: SHINDIG-1116
> URL: https://issues.apache.org/jira/browse/SHINDIG-1116
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Affects Versions: 1.0, 1.1-BETA1, 1.1-BETA2, 1.1-RC1, 1.0.1
> Reporter: Eiji Kitamura
> Priority: Trivial
>
> Consumer Key and Secret for OAuth are assumed to be indexed using gadget url,
> currently.
> But if you think of a case where multiple people share same gadget, consumer
> key / secret will be shared too, and it is not good.
> For example, our container is planning to have UI for developers to input
> their consumer key / secret for a gadget. But if they are indexed using only
> gadget url, key / secret will be exposed to someone else by trying the same
> gadget url. Thus, it's better consumer key / secret pair are indexed using
> gadget id.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
