<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 9:29 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We can discuss on the next week, but even if you define at the<br>
application level "read only" users. People still can read from the<br>
database.<br>
<br>
I'm trying to understand why they need to have the master secret<br>
displayed into the web page. At first glance, it sounds like the same<br>
effect of displaying their passwords at admin.<br></blockquote><div><br></div><div>I compare these secrets with the API keys that Google provides for its services. When you go on their Cloud Console , you can check your API key along with the project number.</div>
<div><br></div><div>For sure, it's for convenience but imagine someone (or a team)) having 100 apps, we delegate to them the managing of these keys. But again let's discuss that next week.</div><div> </div><div><br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5"><br>
Matthias Wessendorf wrote:<br>
> I think we would need to continue having IDs/secrets visible on the UI<br>
><br>
> IMO It's very hard to use Push server, w/o that information; again I didnt<br>
> read the entire thread yet<br>
><br>
> Perhsps, we could hide the key (***************) for read-only users; but I<br>
> think the overall concern is having them in the DB. My guess is that we<br>
> need to have them being stored on the DB<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
abstractj<br>
<br>
<br>
</font></span><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div></div>