[maemo-developers] How to ensure only HTTP requests from the device can be accepted in a web app?

From: Sivan Greenberg sivan at omniqueue.com
Date: Mon Nov 8 14:58:41 EET 2010
On Mon, Nov 8, 2010 at 2:27 PM, Ian Stirling <maemo at mauve.plus.com> wrote:
> Firstly - why on earth do you care?
> If a user is authenticated, why does it matter if they are breaking any
> agreements they may have made with you to only access content on their n900.

Never post to public list when you are going over your 5 tasks in the
same time limit. This is perfectly true and holds! Moreover, the
client for the service would only run on the N900 (well until I
develop a desktop version of it) . but for all purpose a user account
would suffice.

>
> The silly hack that comes to mind is to go to the firmware download page,
> and use that as an authenticator, but that would be insane.

Out of *pure* technical curiosity how would that work? I mean, how can
I ask tablets-dev to authorize someone when it authorizes it due to
knowing that IMEI he/she provided is indeed a nokia device?

>
> Also - as a user, I would be hesitant at giving out my IMEI.
> While there are few risks at the moment, open-source GSM platforms are
> becoming available to the hacker community, and the protocol was not really
> designed for security.

I never gave thought to this, what would it help in abuse to have your IMEI ?

>
> I will note that http://www.omniqueue.com/ shows a pleasing sparseness of
> design, that many websites would do well to imitate.

Thanks! I try ;-) Even if it had a design it would most probably be
very minimalistic on the brink of a text document....


>
> No flash ads, no slow javascript, and at 0 bytes, quick to transfer!
>
Cellular data consumer kept in mind! :-p


Cheers,

-Sivan
More information about the maemo-developers mailing list