XMLAPI / Webservice Security for idiots.
Right, well a while back when Axcid was just getting started (with the original API), we thought security was gonna be a big issue (the API is open now).
So I came up with this method of security, in which the only way it could really be cracked was if the string / method used to hash the security string was retrieved from the code of the application.
So basically:
1. Client sends request for ticket (if request is granted, ticket hash is sent)
2. Client hashes ticket with a special key in the application.
3. Ticket is submitted with request, ticket is deleted in the database.
I call this method common sense.
If you have ever worked with ticket-based session systems before, you're probably familiar with this idea.
It's a simple way to make sure YOUR application / client is the only one accessing data.
Making sure a client's data matches up with the server's. Who woulda thought? /sarcasm
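
The three steps above as a small server/client sketch; this is an added example, not Axcid's code. HMAC-SHA256 as the keyed hash, the 30-second ticket lifetime, the in-memory dict standing in for the database, and every name below are assumptions, since the post only says the ticket is hashed with a key in the application.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample key; in the post's scheme this is the "special key" shipped in the client.
APP_KEY = b"constructed-demo-key"
TICKET_TTL = 30  # seconds; assumption, the post gives no ticket lifetime


class TicketServer:
    def __init__(self, key):
        self._key = key
        self._tickets = {}  # ticket -> issue time; stands in for the database table

    def issue_ticket(self, now=None):
        """Step 1: hand out a random, unpredictable ticket."""
        ticket = secrets.token_hex(16)
        self._tickets[ticket] = time.time() if now is None else now
        return ticket

    def handle_request(self, ticket, proof, now=None):
        """Step 3: delete the ticket first, then check the client's keyed hash."""
        issued = self._tickets.pop(ticket, None)  # single use, even if the check fails
        if issued is None:
            return False  # unknown or already-used ticket (replay)
        now = time.time() if now is None else now
        if now - issued > TICKET_TTL:
            return False  # ticket sat around too long
        expected = hmac.new(self._key, ticket.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak how many characters matched.
        return hmac.compare_digest(expected.encode(), proof.encode())


def client_proof(key, ticket):
    """Step 2: the client hashes the ticket with the key built into the application."""
    return hmac.new(key, ticket.encode(), hashlib.sha256).hexdigest()


def demo():
    server = TicketServer(APP_KEY)
    t1 = server.issue_ticket()
    p1 = client_proof(APP_KEY, t1)
    first = server.handle_request(t1, p1)    # valid ticket and proof
    replay = server.handle_request(t1, p1)   # same pair again: ticket is gone
    t2 = server.issue_ticket()
    wrong_key = server.handle_request(t2, client_proof(b"guess", t2))
    t3 = server.issue_ticket(now=0)
    expired = server.handle_request(t3, client_proof(APP_KEY, t3), now=TICKET_TTL + 1)
    return first, replay, wrong_key, expired
```

Because the ticket is removed before the proof is checked, a captured request cannot be replayed. The scheme still rests on the key staying inside the client, so it identifies the application build rather than any individual user.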







