[aerogear-dev] Push server...master secrets, secrets and some refactoring proposal
Bruno Oliveira
bruno at abstractj.org
Wed Apr 16 15:29:24 EDT 2014
We can discuss on the next week, but even if you define at the
application level "read only" users. People still can read from the
database.
I'm trying to understand why they need to have the master secret
displayed into the web page. At first glance, it sounds like the same
effect of displaying their passwords at admin.
Matthias Wessendorf wrote:
> I think we would need to continue having IDs/secrets visible on the UI
>
> IMO It's very hard to use Push server, w/o that information; again I didnt
> read the entire thread yet
>
> Perhsps, we could hide the key (***************) for read-only users; but I
> think the overall concern is having them in the DB. My guess is that we
> need to have them being stored on the DB
--
abstractj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140416/5434de4e/attachment.bin
More information about the aerogear-dev
mailing list