by JangoSteve
4478 days ago
You're correct; if you see my reply here [1], you'll notice I mentioned it by name. See #2 in my original response concerning SSL. And notice the difference in length and complexity between #2 and #1; it was written this way intentionally to highlight the complexity of doing security authentication properly, in order to encourage the use of SSL, given that it is both more "foolproof" and simpler.

[1] https://news.ycombinator.com/item?id=7371259

EDIT: Please also see the point @Rizz pointed out, in that you'd still want to use something like OAuth, since HTTPS doesn't solve the issue of an attacker knowing your client's API key by inspecting its distributed code.