[Chicago] Handling secret stuff
Rob Kapteyn
robkapteyn at gmail.com
Sat May 14 17:31:52 EDT 2016
Why wouldn't HTTPS / SSL be good enough to keep your secret data secret ?
That probably won't be easy to crack for at least 5 or 10 years ;)
-Rob
On Sat, May 14, 2016 at 4:05 PM, Leon Shernoff <leon at mushroomthejournal.com>
wrote:
> Hi, everyone
>
> Is there a "best practices" (or even a "minimally adequate practices")
> post/article somewhere for handling a secret API key?
>
> My dilemma: customer interaction on client's website needs follow-up
> action that requires secret API key. Client insists that this must all be
> automatic and triggered by customer action. I'm like "Any chain of actions
> that is automatic and initiated by action on a public page is going to
> leave a trail to your key." I have a couple of potential solution
> architectures in mind (that are actually secure), but for now I mostly need
> to talk client down from this idea that it needs to all happen totally
> automatically and yet with complete security. Of course, if there *is* some
> magic architecture through which this can happen, I'm all ears. :-)
>
> Thanks!
>
> --
> Best regards,
> Leon
>
> "Creative work defines itself; therefore, confront the work."
> -- John Cage
>
>
> Leon Shernoff
> 1511 E 54th St, Bsmt
> Chicago, IL 60615
>
> (312) 320-2190
>
> _______________________________________________
> Chicago mailing list
> Chicago at python.org
> https://mail.python.org/mailman/listinfo/chicago
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/chicago/attachments/20160514/ddbeae89/attachment.html>
More information about the Chicago
mailing list