What's the purpose of signing submissions?

- njaard ha detto...
- Utente
- Nov 29 2011, 3:24
What's the purpose of signing submissions?

What's the purpose of signing submissions when anyone can use my app's shared key?

Is the submission signing thing mandatory? Can I use mobile authentication to negate the need for starting the web browser at all? This seems like a much less annoying approach for the user.

[quote][b][user]njaard[/user][/b] ha detto: What's the purpose of signing submissions when anyone can use my app's shared key? Is the submission signing thing mandatory? Can I use mobile authentication to negate the need for starting the web browser at all? This seems like a much less annoying approach for the user.[/quote]

Permalink Citazione
- dunk ha detto...
- Staff
- Nov 29 2011, 18:08
Submissions need to be signed so that /your/ api key can't scrobble to /anyone's/ last.fm account. It's simply security. Submission signing is mandatory. Use a library - then you don't even need to write the code ;).

[quote][b][user]dunk[/user][/b] ha detto: Submissions need to be signed so that /your/ api key can't scrobble to /anyone's/ last.fm account. It's simply security. Submission signing is mandatory. Use a library - then you don't even need to write the code ;).[/quote]

Permalink Citazione
- njaard ha detto...
- Utente
- Dic 22 2011, 0:42
But anyone could take my api key to sign their signatures, thus negating the security.

[quote][b][user]njaard[/user][/b] ha detto: But anyone could take my api key to sign their signatures, thus negating the security. [/quote]

Permalink Citazione
- njaard ha detto...
- Utente
- Dic 22 2011, 0:48
Is there an API for automatically authorizing my application to submit to a user's scrobbles? The mobile API apparently doesn't have this requirement, so why should I make the user go through the extra step?

Why do I need to encrypt against the shared api key when the shared api key is shared?

[quote][b][user]njaard[/user][/b] ha detto: Is there an API for automatically authorizing my application to submit to a user's scrobbles? The mobile API apparently doesn't have this requirement, so why should I make the user go through the extra step? Why do I need to encrypt against the shared api key when the shared api key is shared?[/quote]

Permalink Citazione
- sentropie ha detto...
- Utente
- Feb 1 2012, 13:19
Bump for interest.

I also like to know what's the point of signing when everyone can optain that key.
And, even more interesting, why should desktop developers not make use of mobile authentication or did I just misunderstand the API doc?

[quote][b][user]sentropie[/user][/b] ha detto: Bump for interest. I also like to know what's the point of signing when everyone can optain that key. And, even more interesting, why should desktop developers not make use of mobile authentication or did I just misunderstand the API doc?[/quote]

Permalink Citazione

Gli utenti anonimi non possono inviare messaggi. Per inserire messaggi nei forum, accedi o crea il tuo account.