Monthly Archives: January 2009

A Different Model For Web Services Authorization

Posted on January 5, 2009 by Ian McKellar

In my last post I set out to describe how easy it is to extract private keys from desktop software. As I was concluding I stumbled on an alternative approach that might be more secure in some circumstances. I didn’t … Continue reading →

Posted in Default | Tagged flickr, google, oauth, security | 8 Comments

No More Secrets

Posted on January 5, 2009 by Ian McKellar

Using secret keys to identify applications communicating across the internet has become popular as people have copied the very successful Flickr authentication API. Unfortunately people trust that they can keep these keys secret from attackers, even as they distribute applications … Continue reading →

Posted in Default | Tagged flickr, oauth, security | 8 Comments

Monthly Archives: January 2009

A Different Model For Web Services Authorization

No More Secrets

About

Pages

Recent Posts

Archives