What's the purpose of signing submissions?

- njaard a dit :...
- Utilisateur
- 29 nov. 2011, 3h24m
What's the purpose of signing submissions?

What's the purpose of signing submissions when anyone can use my app's shared key?

Is the submission signing thing mandatory? Can I use mobile authentication to negate the need for starting the web browser at all? This seems like a much less annoying approach for the user.

[quote][b][user]njaard[/user][/b] a dit : What's the purpose of signing submissions when anyone can use my app's shared key? Is the submission signing thing mandatory? Can I use mobile authentication to negate the need for starting the web browser at all? This seems like a much less annoying approach for the user.[/quote]

Lien permanent Citer
- dunk a dit :...
- Équipe Last.fm
- 29 nov. 2011, 18h08m
Submissions need to be signed so that /your/ api key can't scrobble to /anyone's/ last.fm account. It's simply security. Submission signing is mandatory. Use a library - then you don't even need to write the code ;).

[quote][b][user]dunk[/user][/b] a dit : Submissions need to be signed so that /your/ api key can't scrobble to /anyone's/ last.fm account. It's simply security. Submission signing is mandatory. Use a library - then you don't even need to write the code ;).[/quote]

Lien permanent Citer
- njaard a dit :...
- Utilisateur
- 22 déc. 2011, 0h42m
But anyone could take my api key to sign their signatures, thus negating the security.

[quote][b][user]njaard[/user][/b] a dit : But anyone could take my api key to sign their signatures, thus negating the security. [/quote]

Lien permanent Citer
- njaard a dit :...
- Utilisateur
- 22 déc. 2011, 0h48m
Is there an API for automatically authorizing my application to submit to a user's scrobbles? The mobile API apparently doesn't have this requirement, so why should I make the user go through the extra step?

Why do I need to encrypt against the shared api key when the shared api key is shared?

[quote][b][user]njaard[/user][/b] a dit : Is there an API for automatically authorizing my application to submit to a user's scrobbles? The mobile API apparently doesn't have this requirement, so why should I make the user go through the extra step? Why do I need to encrypt against the shared api key when the shared api key is shared?[/quote]

Lien permanent Citer
- sentropie a dit :...
- Utilisateur
- 1 fév. 2012, 13h19m
Bump for interest.

I also like to know what's the point of signing when everyone can optain that key.
And, even more interesting, why should desktop developers not make use of mobile authentication or did I just misunderstand the API doc?

[quote][b][user]sentropie[/user][/b] a dit : Bump for interest. I also like to know what's the point of signing when everyone can optain that key. And, even more interesting, why should desktop developers not make use of mobile authentication or did I just misunderstand the API doc?[/quote]

Lien permanent Citer

Les utilisateurs anonymes ne peuvent pas poster de messages. Merci de vous connecter ou de créer un compte pour pouvoir intervenir dans les forums.