On API keys...

Heather Laine heather at livecode.com
Mon Jun 27 11:03:46 EDT 2022


Yes indeed. See Blog.

Best Regards,

Heather
Heather Laine
Customer Services Manager
LiveCode Ltd
www.livecode.com



> On 25 Jun 2022, at 04:34, Tom Glod via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> This is a great best-practice explanation. Perhaps someone can turn it into
> a blog post and put it on the site.
> Thanks again
> 
> 
> 
> On Fri, Jun 24, 2022 at 6:24 PM Bob Sneidar via use-livecode <
> use-livecode at lists.runrev.com> wrote:
> 
>> Mr. (Or should I say Doctor) Waddingham! This is a really brilliant essay
>> on the risk, benefits and rewards in multiple scenarios concerning the
>> storage of keys. I’ve mentioned before that I came up with the idea of
>> “poisoning” the encrypted data before the data was transmitted. If
>> intercepted in transit, the data itself could never be decrypted without
>> knowing how it was poisoned and what was needed to “cleanse” it. And that
>> would require access to either the API of the device doing the corruption
>> or the cleansing, or else someone who knew the method.
>> 
>> By using this method, all but physical and social vectors are nullified.
>> And control of those vectors is an illusion.
>> 
>> Bob S
>> 
>> Sent from my iPhone
>> 
>>> On Jun 24, 2022, at 13:22, Mark Wieder via use-livecode <use-livecode at lists.runrev.com> wrote:
>>> 
>>> On 6/24/22 10:04, Mark Waddingham via use-livecode wrote:
>>> 
>>>> The only way to use these keys is from server scripts running on a
>>>> server which you do your best to maintain the security of. Ideally these
>>>> keys should be stored in files which are only readable by specific users -
>>>> usually the web-server user which is running the backend scripts which
>>>> needs to make the requests.
>>> 
>>> Or as server environment variables retrieved only by server scripts
>>> which are not user-accessible.
>>> 
>>> --
>>> Mark Wieder
>>> ahsoftware at gmail.com
>>> 
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
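
The two storage options described in the quoted messages (a key file readable only by the web-server user, or a server environment variable), shown as an added example that is not part of the thread and not LiveCode code: a Python loader for a POSIX server that refuses a key file that group or other users can access. The variable name `SERVICE_API_KEY`, the file name `api.key` and the `InsecureKeyFile` exception are assumptions made for illustration.

```python
import os
import stat
import tempfile

class InsecureKeyFile(Exception):
    """Raised when the key file could be read by users other than its owner."""

def load_api_key(path, env_var="SERVICE_API_KEY"):
    """Return the key from env_var if set, else from a file that only the
    running (service) user can access. All names here are assumptions."""
    value = os.environ.get(env_var)
    if value:
        return value.strip()
    # O_NOFOLLOW: do not follow a symlink planted at the key path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # inspect the file actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise InsecureKeyFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecureKeyFile(f"{path}: not owned by the running user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureKeyFile(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is too open")
        with os.fdopen(fd, "r") as fh:
            fd = None  # fh now owns the descriptor
            return fh.read().strip()
    finally:
        if fd is not None:
            os.close(fd)

def demo():
    """Constructed sample: the same key file with mode 0600, then 0644."""
    os.environ.pop("SERVICE_API_KEY", None)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "api.key")
        with open(path, "w") as fh:
            fh.write("constructed-sample-key\n")
        os.chmod(path, 0o600)
        ok = load_api_key(path)
        os.chmod(path, 0o644)
        try:
            load_api_key(path)
            rejected = False
        except InsecureKeyFile:
            rejected = True
        return ok, rejected

if __name__ == "__main__":
    print(demo())
```
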



