Re: [aerogear-dev] Allow Push Without Master-Secret?
Can't you have a third backend party / broker handling the push sending logic (and
thus the only one containing the master secret) and the clients (including the chrome
addon) just invoke a rest (secured) endpoint on this broker to trigger the sync?
Just an idea, I don't know enough the details of your project ;)
Seb
Envoyé de mon iPhone
Le 17 avr. 2014 à 20:44, Florian Schrofner
<florian.schrofner(a)outlook.com> a écrit :
Thanks for your answer, this has definitely guided us in the right direction!
I'll try to patch and deploy it on a wildfly cartridge in the next few days
(currently we were using the aerogear cartridge).
Still.. would you recommend another solution? I don't think there are a lot
of other options at the moment, unless we want to expose the master-secret
(which would make it even worse in my opinion).
Also aerogear seems to be our best bet in terms of cross-platform
compatibility, so we'd really like to stay with it.
--
View this message in context:
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Allow-Push-Without...
Sent from the aerogear-dev mailing list archive at Nabble.com.
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev