On API keys...

Tom Glod tom at makeshyft.com
Fri Jun 24 23:34:25 EDT 2022


This is a great best-practice explanation. Perhaps someone can turn it into
a blog post and put it on the site.
Thanks again



On Fri, Jun 24, 2022 at 6:24 PM Bob Sneidar via use-livecode <
use-livecode at lists.runrev.com> wrote:

> Mr. (Or should I say Doctor) Waddingham! This is a really brilliant essay
> on the risk, benefits and rewards in multiple scenarios concerning the
> storage of keys. I’ve mentioned before that I came up with the idea of
> “poisoning” the encrypted data before the data was transmitted. If
> intercepted in transit, the data itself could never be decrypted without
> knowing how it was poisoned and what was needed to “cleanse” it. And that
> would require access to either the API of the device doing the corruption
> or the cleansing, or else someone who knew the method.
>
> By using this method, all but physical and social vectors are nullified.
> And control of those vectors is an illusion.
>
> Bob S
>
> > On Jun 24, 2022, at 13:22, Mark Wieder via use-livecode <use-livecode at lists.runrev.com> wrote:
> >
> > On 6/24/22 10:04, Mark Waddingham via use-livecode wrote:
> >
> >> The only way to use these keys is from server scripts running on a
> >> server which you do your best to maintain the security of. Ideally these
> >> keys should be stored in files which are only readable by specific users -
> >> usually the web-server user which is running the backend scripts which
> >> needs to make the requests.
> >
> > Or as server environment variables retrieved only by server scripts
> > which are not user-accessible.
> >
> > --
> > Mark Wieder
> > ahsoftware at gmail.com
>
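
The two storage options discussed in the quoted messages above (a key file readable only by the server user, or a server environment variable), shown as an added example that is not part of the thread or any poster's code. It is a Python loader for a backend script that refuses a key file that is group- or world-accessible; the variable name `SERVICE_API_KEY`, the function names and the sample key are assumptions made for illustration.

```python
import os
import stat
import tempfile

ENV_VAR = "SERVICE_API_KEY"  # hypothetical variable name

class KeyFileError(Exception):
    """Raised when the key file is missing or its permissions are too open."""

def load_api_key(path, env=None):
    """Return the API key from the environment, else from a locked-down file."""
    env = os.environ if env is None else env
    if env.get(ENV_VAR):
        return env[ENV_VAR].strip()
    # O_NOFOLLOW: refuse a symlink put in place of the key file.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise KeyFileError(f"cannot open {path}: {exc}") from exc
    with os.fdopen(fd, "r") as fh:
        # fstat the open descriptor so the check and the read see the same file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise KeyFileError(f"{path} is not a regular file")
        if st.st_uid != os.geteuid():
            raise KeyFileError(f"{path} is not owned by the server user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise KeyFileError(f"{path} is accessible to group or others")
        key = fh.read().strip()
    if not key:
        raise KeyFileError(f"{path} is empty")
    return key

def demo():
    """Constructed sample: the same key file with mode 0644, then 0600."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "api.key")
        with open(path, "w") as fh:
            fh.write("constructed-sample-key\n")
        os.chmod(path, 0o644)
        try:
            load_api_key(path, env={})
            rejected = False
        except KeyFileError:
            rejected = True
        os.chmod(path, 0o600)
        return rejected, load_api_key(path, env={})
```

Calling `demo()` returns whether the 0644 file was rejected and the key read once the file is 0600.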

