[maemo-developers] How to ensure only HTTP requests from the device can be accepted in a web app?
From: Sivan Greenberg sivan at omniqueue.comDate: Mon Nov 8 14:58:41 EET 2010
- Previous message: How to ensure only HTTP requests from the device can be accepted in a web app?
- Next message: How to ensure only HTTP requests from the device can be accepted in a web app?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Nov 8, 2010 at 2:27 PM, Ian Stirling <maemo at mauve.plus.com> wrote: > Firstly - why on earth do you care? > If a user is authenticated, why does it matter if they are breaking any > agreements they may have made with you to only access content on their n900. Never post to public list when you are going over your 5 tasks in the same time limit. This is perfectly true and holds! Moreover, the client for the service would only run on the N900 (well until I develop a desktop version of it) . but for all purpose a user account would suffice. > > The silly hack that comes to mind is to go to the firmware download page, > and use that as an authenticator, but that would be insane. Out of *pure* technical curiosity how would that work? I mean, how can I ask tablets-dev to authorize someone when it authorizes it due to knowing that IMEI he/she provided is indeed a nokia device? > > Also - as a user, I would be hesitant at giving out my IMEI. > While there are few risks at the moment, open-source GSM platforms are > becoming available to the hacker community, and the protocol was not really > designed for security. I never gave thought to this, what would it help in abuse to have your IMEI ? > > I will note that http://www.omniqueue.com/ shows a pleasing sparseness of > design, that many websites would do well to imitate. Thanks! I try ;-) Even if it had a design it would most probably be very minimalistic on the brink of a text document.... > > No flash ads, no slow javascript, and at 0 bytes, quick to transfer! > Cellular data consumer kept in mind! :-p Cheers, -Sivan
- Previous message: How to ensure only HTTP requests from the device can be accepted in a web app?
- Next message: How to ensure only HTTP requests from the device can be accepted in a web app?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]