[aerogear-dev] SPEC: AeroGear Unified Push Server
Douglas Campos
qmx at qmx.me
Wed May 8 12:32:14 EDT 2013
On Wed, May 08, 2013 at 06:54:02AM +0200, Matthias Wessendorf wrote:
> Not sure if that is really enough, but here the "server side comp." needs
> to know the ID of the logical "Push Application" constract, plus it
> "push-app-access-key";
>
> So... if someone knows these two, he could start spamming the users, hence
> I feel that on-top of these keys we may want to have the
> server-side-component somehow perform some sort of auth against our
> HTTP-SEND endpoint
I don't think we can avoid having end-to-end certificate-based auth
between the backends...
--
qmx
More information about the aerogear-dev
mailing list