Timeline for API Auth vs User Auth
Current License: CC BY-SA 3.0
10 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 26, 2012 at 4:07 | comment | added | Paul Sylling | So how is this generally solved in applications? Or is it not worth attempting to add this additional level of authentication? | |
| Nov 25, 2012 at 7:02 | history | tweeted | twitter.com/#!/StackProgrammer/status/272596004254142465 | ||
| Oct 28, 2012 at 3:10 | comment | added | Jake Woods | SSL only protects data encrypted from being read during transmissions. But if you distribute a binary that contains a string with your username/password for your API with the intent to log in to the API then the program needs to be able to send that username/password combo to the server. In order to do that the client hardware needs to be able to read the username/password in order to know what to send. And if the hardware can read it then so can the user, therefore it's only a matter of time until your password is found and your API can be accessed by anyone. | |
| Oct 28, 2012 at 2:26 | comment | added | Paul Sylling | SSL would solve this concern right? | |
| Oct 28, 2012 at 0:27 | comment | added | Jake Woods | The client needs to be able to send the information over the wire, therefore it needs to be able to read the information. How can the client execute something it can't read? And if the client can read it, so can the user with a bit of effort. | |
| Oct 27, 2012 at 17:16 | comment | added | Paul Sylling | I thought the source files were encrypted if you try to reverse engineer an iPhone app that you have downloaded, for instance. | |
| Oct 27, 2012 at 1:04 | comment | added | Jake Woods | When you distribute your client, what's to stop a user of the client from reverse-engineering the username/password combo from your source? | |
| Sep 18, 2012 at 4:53 | answer | added | Brendan Green | timeline score: 1 | |
| Sep 13, 2012 at 22:04 | review | First posts | |||
| Oct 7, 2012 at 2:25 | |||||
| Sep 7, 2012 at 2:21 | history | asked | Paul Sylling | CC BY-SA 3.0 |