11:50 a.m.
Hi peeps, I was chatting with Kris and Matthias about how interesting would be the
addition of Basic/Digest authentication for Android, iOS and JS.
The initial feeling is basic -> easy to add, digest -> tricky. Both methods are weak
for security, but we still have developers dealing with the legacy and make their lives
less painful would be nice.
Wdyt?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
11:56 a.m.
let's start with basic, and add a WARNING :)
digest can be added if really really required
On Tue, Apr 9, 2013 at 6:50 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Hi peeps, I was chatting with Kris and Matthias about how
interesting
would be the addition of Basic/Digest authentication for Android, iOS and
JS.
The initial feeling is basic -> easy to add, digest -> tricky. Both
methods are weak for security, but we still have developers dealing with
the legacy and make their lives less painful would be nice.
Wdyt?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
12:09 p.m.
+1 for basic
On Tue, Apr 9, 2013 at 6:56 PM, Matthias Wessendorf <matzew(a)apache.org>wrote:
let's start with basic, and add a WARNING :)
digest can be added if really really required
On Tue, Apr 9, 2013 at 6:50 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
> Hi peeps, I was chatting with Kris and Matthias about how interesting
> would be the addition of Basic/Digest authentication for Android, iOS and
> JS.
>
> The initial feeling is basic -> easy to add, digest -> tricky. Both
> methods are weak for security, but we still have developers dealing with
> the legacy and make their lives less painful would be nice.
>
> Wdyt?
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:15 p.m.
On Tue, Apr 09, 2013 at 06:56:37PM +0200, Matthias Wessendorf wrote:
let's start with basic, and add a WARNING :)
+1, having
basic auth is a must, with a huge warning to use it only over
https ;)
digest can be added if really really required
What about adding
JIRAs and putting them on the lowest priority? If
there's votes for it...
--
qmx
12:24 p.m.
On Apr 9, 2013, at 12:15 PM, Douglas Campos <qmx(a)qmx.me> wrote:
On Tue, Apr 09, 2013 at 06:56:37PM +0200, Matthias Wessendorf wrote:
> let's start with basic, and add a WARNING :)
+1, having basic auth is a must, with a huge warning to use it only over
https ;)
+1 - We could maybe even check the protocol and throw an error if they try using it
without https but at least a warning is a must
> digest can be added if really really required
What about adding JIRAs and putting them on the lowest priority? If
there's votes for it…
+1
--
qmx
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:36 p.m.
We have jiras for JS https://issues.jboss.org/browse/AEROGEAR-1086 and
https://issues.jboss.org/browse/AEROGEAR-1087
Wdyt about a Jira umbrella for basic on iOS, Android and JS and the same approach for
digest?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Tuesday, April 9, 2013 at 2:15 PM, Douglas Campos wrote:
On Tue, Apr 09, 2013 at 06:56:37PM +0200, Matthias Wessendorf wrote:
> let's start with basic, and add a WARNING :)
+1, having basic auth is a must, with a huge warning to use it only over
https ;)
> digest can be added if really really required
What about adding JIRAs and putting them on the lowest priority? If
there's votes for it...
--
qmx
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org (mailto:aerogear-dev@lists.jboss.org)
https://lists.jboss.org/mailman/listinfo/aerogear-dev
1:34 p.m.
On Tue, Apr 09, 2013 at 02:36:35PM -0300, Bruno Oliveira wrote:
We have jiras for JS https://issues.jboss.org/browse/AEROGEAR-1086
and https://issues.jboss.org/browse/AEROGEAR-1087
Wdyt about a Jira umbrella for basic on iOS, Android and JS and the same approach for
digest?
+1 go for it
--
qmx
2:29 p.m.
Great, https://issues.jboss.org/browse/AEROGEAR-1087 and
https://issues.jboss.org/browse/AEROGEAR-1086 updated. Let me know if something is wrong
with it.
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Tuesday, April 9, 2013 at 3:34 PM, Douglas Campos wrote:
On Tue, Apr 09, 2013 at 02:36:35PM -0300, Bruno Oliveira wrote:
> We have jiras for JS https://issues.jboss.org/browse/AEROGEAR-1086 and
https://issues.jboss.org/browse/AEROGEAR-1087
>
> Wdyt about a Jira umbrella for basic on iOS, Android and JS and the same approach
for digest?
+1 go for it
--
qmx
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org (mailto:aerogear-dev@lists.jboss.org)
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:10 p.m.
In theory it should be supported by the under lying connection libraries and exposing it
shouldn't be a bit problem
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message-----
From: Bruno Oliveira [bruno(a)abstractj.org]
Received: Tuesday, 09 Apr 2013, 12:50PM
To: AeroGear Developer Mailing List [aerogear-dev(a)lists.jboss.org]
Subject: [aerogear-dev] Basic/Digest APIs on the client side, doable?
Hi peeps, I was chatting with Kris and Matthias about how interesting would be the
addition of Basic/Digest authentication for Android, iOS and JS.
The initial feeling is basic -> easy to add, digest -> tricky. Both methods are weak
for security, but we still have developers dealing with the legacy and make their lives
less painful would be nice.
Wdyt?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:14 p.m.
easy one first
On Apr 9, 2013, at 1:10 PM, Summers Pittman <supittma(a)redhat.com> wrote:
In theory it should be supported by the under lying connection
libraries and exposing it shouldn't be a bit problem
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message-----
From: Bruno Oliveira [bruno(a)abstractj.org]
Received: Tuesday, 09 Apr 2013, 12:50PM
To: AeroGear Developer Mailing List [aerogear-dev(a)lists.jboss.org]
Subject: [aerogear-dev] Basic/Digest APIs on the client side, doable?
Hi peeps, I was chatting with Kris and Matthias about how interesting would be the
addition of Basic/Digest authentication for Android, iOS and JS.
The initial feeling is basic -> easy to add, digest -> tricky. Both methods are
weak for security, but we still have developers dealing with the legacy and make their
lives less painful would be nice.
Wdyt?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:24 p.m.
On Tue, Apr 9, 2013 at 7:10 PM, Summers Pittman <supittma(a)redhat.com> wrote:
In theory it should be supported by the under lying connection
libraries
and exposing it shouldn't be a bit problem
for AFN, we would need some tweaks, not directly supported, for a reason:
https://github.com/AFNetworking/AFNetworking/issues/551
but it can be made work, if we want....
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message-----
From: Bruno Oliveira [bruno(a)abstractj.org]
Received: Tuesday, 09 Apr 2013, 12:50PM
To: AeroGear Developer Mailing List [aerogear-dev(a)lists.jboss.org]
Subject: [aerogear-dev] Basic/Digest APIs on the client side, doable?
Hi peeps, I was chatting with Kris and Matthias about how interesting
would be the addition of Basic/Digest authentication for Android, iOS and
JS.
The initial feeling is basic -> easy to add, digest -> tricky. Both
methods are weak for security, but we still have developers dealing with
the legacy and make their lives less painful would be nice.
Wdyt?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
4279
days inactive
4279
days old
10 comments
7 participants
participants (7)
-
Bruno Oliveira -
Douglas Campos -
Kris Borchers -
Lucas Holmquist -
Matthias Wessendorf -
Sebastien Blanc -
Summers Pittman