Answer the question
In order to leave comments, you need to log in
D
D
Denis2017-01-24 18:54:24
Denis, 2017-01-24 18:54:24
Is it safe to pass client_id and secret in base64 to the application?
There is WP with a custom endpoint in the API. The application logs in via oAuth 2, receives a token and works with data, sending a token to the header of each request.
I have doubts about how safe it is to send in a request for a token id and secret in the header, in base64?
The application is on ionic and in theory, anyone can sniff what it sends and get my data to connect to the API.
I still don’t know what it threatens, but a person can use my API like that, but I don’t want it.
Login is done like here - https://wp-oauth.com/kb/user-credentials/
API on domain with SSL
3 answer(s)
@gccDenys
D
Denis, 2017-01-25 @gccDenys
base64 is not an information security tool
Anyone can sniff, but it will not be possible to decrypt, for this they actually encrypt./blockquote>
Colleagues, you have confused me. Let's get back to a specific case, there is an application and there is an oAuth 2 server where the login goes through sending a combination of client id and secret to base 64 in the header. What threatens me?
Similar questions
G
K
S
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question