Messages - vektor

1
Are you considering putting the code on GitHub, so that everyone can contribute?

2
VGCollect for Android / Re: Android Developers?
« on: October 02, 2015, 03:59:51 pm »
Do you have any experience working with git/GitHub? The main issue that I'm dealing with is that I don't want to expose some of the server-side API that I've written for VGC. I think with little effort I could rewrite some of it to store the API key in a file and just add it to .gitignore. I'd also need to create a few keys for developers to use.

Security through obscurity isn't a thing. If it's just an API key you're hiding, someone could easily sniff that. :-)

Even worse, they have an API with keys, but they "hide" the key in a PHP file that is used by the app to forward requests to the actual API. ;D
If I wanted to use your API I shouldn't even worry about sniffing a key that you'll disable.

Unfortunately once you expose an API on the web, you can only make it harder for people to use it, but there's no way to hide. You could replace JSON data with HTML scraping, but the performance will decrease dramatically.

Also, you should hash a password before sending it to the API, then check if the created hash matches the one in your database (unless you're storing clear passwords, in 2015).

Code:
http://vgcollect.com/api/api.php?action=validate&username=vektor&password=MYPASSWORDINCLEARTEXT
is not safe, use MD5 or SHA.
