[Chicago] Secret stuff: additional detail

Adam Forsyth adam at adamforsyth.net
Sat May 14 17:55:03 EDT 2016


If you're saying you'd need the secret key to be present client-side in the
customer's web browser, then no, that isn't secure.

You need a server-side component, or you need to get some sort of one-time
use, limited scope key that can only be used to take the action the
customer is permitted to take -- and whether or not that's possible depends
on what the API is you're interacting with.

On Sat, May 14, 2016 at 4:40 PM, Leon Shernoff <leon at mushroomthejournal.com>

> @ my question of 4:05pm
> I should also add that this is a WordPress site, so it's not a situation
> where I can do things with the server's system itself. :/
> --
> Best regards,
>     Leon
> "Creative work defines itself; therefore, confront the work."
>      -- John Cage
> Leon Shernoff
> 1511 E 54th St, Bsmt
> Chicago, IL  60615
> (312) 320-2190
> _______________________________________________
> Chicago mailing list
> Chicago at python.org
> https://mail.python.org/mailman/listinfo/chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/chicago/attachments/20160514/6c97bc41/attachment.html>

More information about the Chicago mailing list