
In my company we have an application that stores an API key in its local storage. This API key is generated by the client app when it's first run and it's individual. If it gets stolen only that client will have its security compromised. That happened to us a couple of times, always on rooted Android phones with pirated software installed.

I'm a heavy AWS user but not too familiar with S3 keys, couldn't the keys be generated and isolated per user?




Yes. You can request Temporary Credentials for the S3 service. However, the only secure way to do it is on the server side, not on the client.
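The approach in the reply above, as an added example that is not part of the thread or either commenter's code: a server issues per-user temporary S3 credentials through STS `AssumeRole`, narrowed by a session policy to that user's key prefix. The bucket name, role ARN, and `users/<id>/` prefix layout are assumptions made for illustration.

```python
import json
import re

# Assumed names for illustration (not from the thread).
BUCKET = "example-app-uploads"
ROLE_ARN = "arn:aws:iam::123456789012:role/example-client-upload"  # placeholder

USER_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def session_policy(user_id: str, bucket: str = BUCKET) -> dict:
    """Session policy confining the credentials to one user's key prefix."""
    if not USER_ID_RE.fullmatch(user_id):
        # Reject ids with '/', '*', '?' etc. that could widen the resource ARN.
        raise ValueError("invalid user id")
    prefix = f"users/{user_id}/"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
            {
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": f"{prefix}*"}},
            },
        ],
    }


def issue_credentials(user_id: str, sts_client=None) -> dict:
    """Run on the server after authenticating the user; returns short-lived keys."""
    policy = json.dumps(session_policy(user_id))  # validates user_id first
    if sts_client is None:
        import boto3  # imported lazily so the policy builder works without it
        sts_client = boto3.client("sts")
    resp = sts_client.assume_role(
        RoleArn=ROLE_ARN,
        RoleSessionName=f"user-{user_id}",  # shows up in CloudTrail per user
        Policy=policy,  # effective rights = role policy INTERSECT this policy
        DurationSeconds=900,  # 15 minutes, the minimum STS allows
    )
    # AccessKeyId, SecretAccessKey, SessionToken, Expiration
    return resp["Credentials"]
```

The long-lived role credentials stay on the server; a stolen set of temporary keys exposes only one user's prefix and expires on its own.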



