[okfn-labs] GetMyGist changes
duke.m16 at gmail.com
Wed May 23 16:36:58 BST 2012
I thought about it many times.
I will fix this, like you said, by moving the API keys to the proxy server.
I wanted to use this server for other projects, but I believe the better
solution is to use this proxy only for GetMyGist; if I need to use a proxy to
GitHub again, I will fork this proxy.
On Wed, May 23, 2012 at 8:25 AM, Nick Stenning <nick at whiteink.com> wrote:
> Hi Duke,
> This is great, and the idea of using the Gist API as a code/whatever
> storage platform is a great one. James Casbon played with the same
> solution for early versions of notebook.js
> On 21/05/2012 12:19, Rufus Pollock wrote:
> > In addition, thanks entirely to Duke we always have write support via
> > OAuth (unfortunately this requires a small oauth proxy) so we have a
> > full-on mini-gist editor.
> Unfortunately the proxy is a bit *too* minimal. Specifically I note that
> you are storing the OAuth client secret clientside:
> This is not a good idea, as it means that I can easily disable your
> service by using your credentials to exceed the API rate limit.
> Also, while it might not be in violation of GitHub's ToS, it's certainly
> not good practice to share the client secret. See the second paragraph
> The solution is to store this information server-side (in the proxy) and
> to implement some kind of session management for clients of GetMyGist.
> Best wishes, and not trying to be a downer,
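
The fix described in the quoted message above (client secret held server-side in the proxy, with session management for browser clients), as an added example; it is not code from GetMyGist or its proxy. The function names, the in-memory session store, the one-hour lifetime and the injectable `httpPost` are assumptions, and the credential fallbacks are constructed placeholders.

```javascript
const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
const SESSION_TTL_MS = 60 * 60 * 1000; // assumed one-hour session lifetime

// Secret lives only in the proxy's environment; fallbacks are constructed placeholders.
const config = {
  clientId: process.env.GITHUB_CLIENT_ID || 'constructed-client-id',
  clientSecret: process.env.GITHUB_CLIENT_SECRET || 'constructed-client-secret',
};

const sessions = new Map(); // session id -> { token, expires }
// Web Crypto is global in Node 19+; older versions expose it on the module.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;

function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Buffer.from(bytes).toString('hex'); // 256-bit opaque identifier
}

// Default transport: form-encoded POST, JSON reply. Injectable for tests.
async function defaultPost(url, params) {
  const res = await fetch(url, {
    method: 'POST',
    headers: { Accept: 'application/json' },
    body: new URLSearchParams(params),
  });
  return res.json();
}

// Exchange the one-time code for a token. The secret is added here, on the
// server, and the token is kept in the session store rather than returned.
async function exchangeCode(code, httpPost = defaultPost) {
  const reply = await httpPost(GITHUB_TOKEN_URL, {
    client_id: config.clientId,
    client_secret: config.clientSecret,
    code,
  });
  if (!reply || !reply.access_token) throw new Error('token exchange failed');
  const sid = newSessionId();
  sessions.set(sid, { token: reply.access_token, expires: Date.now() + SESSION_TTL_MS });
  return { session: sid }; // the only value the browser ever receives
}

// Map a session id to the upstream Authorization header, or null if the
// session is unknown or expired. Per-session rate limiting would hook in here.
function authHeaderFor(sid, now = Date.now()) {
  const s = sessions.get(sid);
  if (!s || s.expires <= now) { sessions.delete(sid); return null; }
  return `Bearer ${s.token}`;
}
```

The browser stores only the session id and sends it with each request; the proxy resolves it with `authHeaderFor` before forwarding to the Gist API.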