[Chicago] Handling secret stuff

Adam Forsyth adam at adamforsyth.net
Sat May 14 17:19:45 EDT 2016


I'm not sure I understand your question. Take Braintree (where I work) for
example -- every time someone sends us their credit card info, we connect
to a credit card processor using a secret API key and send them the data.
How is that different from what you're describing?

On Sat, May 14, 2016 at 4:05 PM, Leon Shernoff <leon at mushroomthejournal.com>
wrote:

> Hi, everyone
>
> Is there a "best practices" (or even a "minimally adequate practices")
> post/article somewhere for handling a secret API key?
>
> My dilemma: customer interaction on client's website needs follow-up
> action that requires secret API key. Client insists that this must all be
> automatic and triggered by customer action. I'm like "Any chain of actions
> that is automatic and initiated by action on a public page is going to
> leave a trail to your key." I have a couple of potential solution
> architectures in mind (that are actually secure), but for now I mostly need
> to talk client down from this idea that it needs to all happen totally
> automatically and yet with complete security. Of course, if there *is* some
> magic architecture through which this can happen, I'm all ears. :-)
>
> Thanks!
>
> --
> Best regards,
>     Leon
>
> "Creative work defines itself; therefore, confront the work."
>      -- John Cage
>
>
> Leon Shernoff
> 1511 E 54th St, Bsmt
> Chicago, IL  60615
>
> (312) 320-2190
>
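A sketch of the server-side pattern described in the reply above, as an added example that is not part of either post: the public page submits only customer data, and the server attaches the key when it calls the processor. The environment variable name, processor URL, field names and the `send` callable are all assumptions made for illustration.

```python
import json
import os

# Assumed names: the URL, field names and env var are placeholders.
PROCESSOR_URL = "https://processor.example/v1/charges"
ALLOWED_FIELDS = {"order_id", "amount_cents", "card_token"}


def load_api_key(environ=os.environ):
    """Read the key from server-side configuration; fail closed if missing."""
    key = environ.get("PROCESSOR_API_KEY", "")
    if not key:
        raise RuntimeError("PROCESSOR_API_KEY is not configured")
    return key


def build_upstream_request(form, api_key):
    """Build the server-to-processor request from allow-listed fields only."""
    unknown = set(form) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    return {
        "url": PROCESSOR_URL,  # fixed server-side, never taken from the request
        "headers": {"Authorization": f"Bearer {api_key}"},
        "body": json.dumps(form, sort_keys=True),
    }


def handle_customer_action(form, send, environ=os.environ):
    """Handle the public page's POST; `send` performs the HTTPS call."""
    api_key = load_api_key(environ)
    try:
        request = build_upstream_request(form, api_key)
    except ValueError as exc:
        return {"status": 400, "body": {"error": str(exc)}}
    upstream = send(request)
    # Return a fixed set of fields; never echo upstream headers or the key.
    return {"status": 200, "body": {"ok": upstream.get("approved", False),
                                    "reference": upstream.get("reference")}}


def fake_processor(request):
    """Constructed stand-in for the processor so the example runs offline."""
    return {"approved": True, "reference": "ref-0001", "debug": request["headers"]}


if __name__ == "__main__":
    env = {"PROCESSOR_API_KEY": "constructed-key-not-real"}
    form = {"order_id": "A17", "amount_cents": 1250, "card_token": "tok_sample"}
    print(handle_customer_action(form, fake_processor, env))
```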