I have the same issue. I don't want my password going over the wire without protection. Furthermore, I would suggest using a POST message rather than GET, to avoid the URL including the password being logged somewhere in the system.
For logging into pogoplug through the webapi I need to use:
http://service.pogoplug.com/svc/api/loginUser?email=test@pogoplug.com&password=test
Is this a secure way of passing user's credentials? Is there support for https?
I would agree, the current implementation of the PogoPlug WebAPI for user login is very poor. Even if the request is made over HTTPS, the URL is still not encrypted, so the password is in the open.
They should follow the common approach that many other web service APIs use, and provide users with a Secret Key and a Public Token through the my.pogoplug.com site. With these, developers can create a much more secure connection instead of passing actual credentials.
Examples of this approach can be found here:
http://www.flickr.com/services/api/auth.spec.html
http://www.dropbox.com/developers/start/authentication
http://code.google.com/apis/maps/documentation/webservices/#GettingKeys
-MindCore
Actually, if you use HTTPS, all but the domain is encrypted.
That being said, I do like OAuth or tokens.