by clintjhill 5121 days ago
I've thought about this too. For me it's a matter of what somebody really "gets" with those keys. If I'm compromised by someone who's taken my keys and programmed a script against my service, are they stealing anything? Well, if I've applied some form of ACL and provided some secondary authentication against data they shouldn't be able to query, I should be OK.

Likewise with user accounts. If they take my keys, and somehow get someone's password, they'd have the same access they would otherwise have through the GUI. If I put user passwords into the code, well yeah, that's totally bad on me.

I don't know. I'm not a security expert; however, I've not been able to catch a problem with this. I'd love to know better.

1 comments

I guess one of the most basic problems that could occur is someone using your keys to make unauthenticated requests and exhaust your rate limit.