Wednesday, August 3, 2011

Clients of the webservice

Some time ago my iPhone happened to get lost. There were many clients of well-known services installed, all of them had been logged in, and most of them had their passwords saved. To prevent access from my lost phone, I had to change the password for almost all the services I used.

Clients should avoid re-authenticating with the login and password, because that implies saving them on the client side. Instead, the application should either use OAuth authentication or ask for the login and password only once. The latter requires the server to provide a key to log in with next time.

These techniques allow the web server to control all the clients without changing the password if something happens to one of the clients.
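The second option above (ask for the password once, then log in with a server-issued key), sketched as an added example that is not code from the original post. The class and method names, the in-memory store and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets


class DeviceKeyStore:
    # Hypothetical in-memory server state; a real service would persist this.
    def __init__(self):
        self._accounts = {}  # user -> (salt, password hash)
        self._keys = {}      # sha256(key) -> (user, device label)

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = (salt, self._pw_hash(password, salt))

    def login(self, user, password, device):
        """Password is sent once; the client stores only the returned key."""
        # Unknown users fall through to a comparison that always fails.
        salt, stored = self._accounts.get(user, (b"", b""))
        if not hmac.compare_digest(stored, self._pw_hash(password, salt)):
            return None
        key = secrets.token_urlsafe(32)
        # Keep only a digest so a leaked server table exposes no usable keys.
        self._keys[hashlib.sha256(key.encode()).hexdigest()] = (user, device)
        return key

    def authenticate(self, key):
        entry = self._keys.get(hashlib.sha256(key.encode()).hexdigest())
        return entry[0] if entry else None

    def revoke_device(self, user, device):
        # Drop every key issued to one device; other devices keep working.
        lost = [d for d, owner in self._keys.items() if owner == (user, device)]
        for digest in lost:
            del self._keys[digest]
        return len(lost)


def demo():
    server = DeviceKeyStore()
    server.register("alice", "correct horse")  # constructed sample account
    phone = server.login("alice", "correct horse", "phone")
    laptop = server.login("alice", "correct horse", "laptop")
    server.revoke_device("alice", "phone")  # the phone was lost
    return server.authenticate(phone), server.authenticate(laptop)
```

After the phone's key is revoked, the laptop's key still authenticates and the account password stays unchanged.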
