[aerogear-dev] Allow Push Without Master-Secret?

Sébastien Blanc scm.blanc at gmail.com
Thu Apr 17 15:10:18 EDT 2014


Can't you have a third backend party / broker handling the push sending logic (and thus the only one containing the master secret) and the clients (including the chrome addon) just invoke a rest (secured) endpoint on this broker to trigger the sync? 
Just an idea, I don't know enough the details of your project ;)
Seb


Envoyé de mon iPhone

> Le 17 avr. 2014 à 20:44, Florian Schrofner <florian.schrofner at outlook.com> a écrit :
> 
> Thanks for your answer, this has definitely guided us in the right direction!
> I'll try to patch and deploy it on a wildfly cartridge in the next few days
> (currently we were using the aerogear cartridge).
> 
> Still.. would you recommend another solution? I don't think there are a lot
> of other options at the moment, unless we want to expose the master-secret
> (which would make it even worse in my opinion).
> 
> Also aerogear seems to be our best bet in terms of cross-platform
> compatibility, so we'd really like to stay with it.
> 
> 
> 
> --
> View this message in context: http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Allow-Push-Without-Master-Secret-tp7474p7491.html
> Sent from the aerogear-dev mailing list archive at Nabble.com.
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev



More information about the aerogear-dev mailing list