storage - Don't want to store the secret Facebook/Twitter API key on mobile devices, design patterns? -

-

i have issue letting secret api key on world on potentially thousands of mobile devices. compromised , used malicious purposes hacker.

so options me? guess private server has secret api key , web service encapsulates method calls. instead of mobile device having secret key , like:
list<friends> = service.getfriends(secretkey);

if secret api key compromised , used spamming/abuse purposes, must shut down use users, leaving application dead in sea.

so idea can use mobile device unique device id , do:
list<friends> = myservice.getfriends(deviceid);

of course, malicious hacker call web service fake deviceid, @ least have control blacklist deviceid's. introduces potential bandwidth isssue, of less concern.

a true pki out of question, since targetted device doesn't handle http client certificates in current version.

any other ideas?

you don't want publish api key facebook or twitter, obfuscated within client.

your instincts correct proxy through service control. limiting access service - how risk unauthorized use? device id pretty clue device/user identity, can faked.

there stronger authentication methods use (sms auth, etc) establish long-term session or device key, these more complex , impose higher burden on end user.

tl;dr

protect platform api keys. secure own api enough protect needs.


Comments

Post a Comment

Popular posts from this blog

android - Spacing between the stars of a rating bar? -

-
ho can set spacing beween stars? thats ratingbar: ratingbar = (ratingbar) inflater.inflate(r.layout.ratingbar, null); ratingbar.setlayoutparams(new layoutparams(layoutparams.wrap_content, layoutparams.wrap_content)); the layout: <?xml version="1.0" encoding="utf-8"?> <ratingbar xmlns:android="http://schemas.android.com/apk/res/android" style="@style/mystyle" android:layout_alignparentright="true" android:layout_height="19dp" android:layout_width="wrap_content" android:numstars="5"> </ratingbar> the style: <style name="mystyle" parent="@android:style/widget.ratingbar"> <item name="android:progressdrawable">@drawable/android_r2_ratingstar_yellow</item> <item name="android:indeterminatedrawable">@drawable/android_r2_ratingstar_grey</item> </style> thanks, cheers you have ...
Read more

html - Instapaper-like algorithm -

-
does of algorithm extracts contents webpage? instapaper ? there 2 steps instapaper does: find main content block on page (excluding headers, footers, menus etc) from content block extract , format text to find content block (typically html block element, div containing key page text content) instapaper uses algorithm 1 used readability . can @ source of readability.js see what's going on, @ core tries find area on page highest text/link ratio, although has other simple scoring metrics (e.g. off top of head, things ratio of text commas, para elements etc) go heuristics. once have identified root node element, relevant content, you'll need format it, if want can pull node element containing text out of source document , insert yours, in reality you'll want remove existing styles , apply own, standard , feel. if want output nice text-only can use jericho's renderer . update1 : should mention else instapaper - follow 'pagination' links (...
Read more

c# - How to execute a particular part of code asynchronously in a class -

-
i creating speech recognition engine that's going respond user commands.i have created button enable , disable speech recognition per user convenience.i have used dispose() of speech engine disable speech recoginition.here code private void button1_click(object sender, routedeventargs e) { engineon = !engineon; if (engineon) { speechengine = speech.createspeechengine(); //speech class creates , returns new speech engine. speechengine.audiolevelupdated += new eventhandler<audiolevelupdatedeventargs>(speechengine_audiolevelupdated); // use system's default microphone speechengine.setinputtodefaultaudiodevice(); speechengine.loadgrammar(new dictationgrammar()); // start listening speechengine.recognizeasync(recognizemode.multiple); } else { speechclass.myengine.dispose(); } } but disposal of speech obj...
Read more