We can discuss next week, but even if you define "read only" users at the
application level, people can still read from the
database.
I'm trying to understand why they need to have the master secret
displayed on the web page. At first glance, it sounds like the same
effect of displaying their passwords at admin.
Matthias Wessendorf wrote:
I think we would need to continue having IDs/secrets visible on the UI
IMO it's very hard to use Push server w/o that information; again, I didn't
read the entire thread yet
Perhaps we could hide the key (***************) for read-only users; but I
think the overall concern is having them in the DB. My guess is that we
need to have them being stored on the DB
--
abstractj