Skip to main content
Software Engineering

Timeline for Is it smart to store application keys, ids, etc directly inside an application?

Current License: CC BY-SA 2.5

10 events
when toggle format what by license comment
Apr 10, 2011 at 3:34 vote accept Edward
Apr 8, 2011 at 18:58 comment added Shamit Verma On .NET stack, it might be easier for you to create a WCF web service that would be deployed on server. This service would serve configuration. Since client is on WP7, it can send some device specific string for authentication.
Apr 8, 2011 at 17:07 comment added Edward @Shamit Verma I'm using .NET for the WP7 Platform.
Apr 8, 2011 at 4:37 comment added Shamit Verma Which tech stack are you on? Java / .net or LAMP / RoR ?
Apr 8, 2011 at 2:40 comment added Edward @Shamit Verma this is exactly what I wanted to know. Are there any resources on accessing a key through a web service?
Apr 6, 2011 at 14:17 comment added Shamit Verma Windows is just an example, OS does not matter. Windows and Unix both use Kerberos. So, if App is running on Linux (Or Solaris or BSD or ...) it would still supply auth tokens generated by OS. And Web Service would authenticate based on those tokens.
Apr 6, 2011 at 14:08 comment added Wyatt Barnett Well, you know not everyone is running on windows these days . . .
Apr 6, 2011 at 14:01 comment added Shamit Verma You should not have to store Keys to access the web service. Application should use OS level authentication to authenticate itself to web service. E.g. NTLM or Kerberos. For example, when user logs onto Desktop, user would not be prompted again for password in Outlook. Outlook would use the same auth information to authenticate end-user to Exchange.
Apr 6, 2011 at 13:56 comment added Wyatt Barnett So, if you are storing your api keys in a web service, where do you store the key to access said presumably secure web service?
Apr 6, 2011 at 13:45 history answered Shamit Verma CC BY-SA 2.5