[aerogear-dev] [OTP] Mobile-OTP / OTP for .NET

Wed Dec 19 08:22:05 EST 2012

Not really, we're all here to have some fun, learn and write code. Currently we're running our demo on the same server and we do not recommend our devs to do some different than this, if someone can intercept our JQuery call, so the server was compromised.

If you want to have 2 servers, one to generate the QRCode and another to your endpoints, I suggest a DMZ and maybe Honeypots for this.   

As described at our docs, on the next releases we have some plans for the shared secret expiration, for example. Some risks can be mitigated, but of course, we can always learn, improve and try to make it even better.

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Tuesday, December 18, 2012 at 7:48 PM, Daniel Manzke wrote:

> I know you have more experiences at this stage than me.