[Chicago] Secret stuff: additional detail

Adam Forsyth adam at adamforsyth.net
Sat May 14 17:55:03 EDT 2016


Leon,

If you're saying you'd need the secret key to be present client-side in the
customer's web browser, then no, that isn't secure.

You need a server-side component, or you need to get some sort of one-time
use, limited scope key that can only be used to take the action the
customer is permitted to take -- and whether or not that's possible depends
on what the API is you're interacting with.


On Sat, May 14, 2016 at 4:40 PM, Leon Shernoff <leon at mushroomthejournal.com>
wrote:

> @ my question of 4:05pm
>
> I should also add that this is a WordPress site, so it's not a situation
> where I can do things with the server's system itself. :/
>
> --
> Best regards,
>     Leon
>
> "Creative work defines itself; therefore, confront the work."
>      -- John Cage
>
>
> Leon Shernoff
> 1511 E 54th St, Bsmt
> Chicago, IL  60615
>
> (312) 320-2190
>
> _______________________________________________
> Chicago mailing list
> Chicago at python.org
> https://mail.python.org/mailman/listinfo/chicago
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/chicago/attachments/20160514/6c97bc41/attachment.html>


More information about the Chicago mailing list