[Project_owners] Protecting a Shared Secret
special.michael at gmail.com
Thu May 25 14:11:27 EDT 2006
does licensing require that you make efforts not to leave the key readable?
if not it's not your problem, it's the person who designed such a
flawed API access restriction
On 5/25/06, Brian King <brian at mozdev.org> wrote:
> Jippen wrote:
> > Why not use a one-way hash of the secret? Say, md5 and salt the thing,
> > then compare it with a hash stored on the machine. If it is good, send
> > out the hash to the server, who does the same thing.
> Well, for one thing, the API is 3rd party so we have no control of the
> server code.
> Brian King
> www.mozdev.org - free project hosting for the Mozilla community
> Project_owners mailing list
> Project_owners at mozdev.org
More information about the Project_owners