I'm a bit unsure on the statement "both my app and the api server app are using ssh". If you mispelled and wanted to write "ssl" instead of "ssh", then I'm ok. If everything is behind SSL, no "man in the middle" can see what you are passing back/forth your apps.
On the "secureness" of the rather default username/password combo instead of a fixed character length key, it's a no brainer: if you're fine with username/password you should be reassured that a fixed key would be equally secure (albeit it has to match username+password length and complexity). >From the theoretical standpoint, you need to pass a string in either case to the app. -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
