Hi guys,
Using Wurfl Cloud standard licensing with Java and Python clients. I noticed that java client is making requests to api.wurflcloud.com without SSL/TLS layer. Look like the key is transmitted as part of Basic HTTP Auth over wire
Is there a way to enable encryption or TLS/SSL using Java and Python clients?
What happens if someone obtains our key which is highly likely given lack of encryption?
Is there TLS/SSL support? Key is non encrypted on wire.
Re: Is there TLS/SSL support? Key is non encrypted on wire.
The SSL handshake is expensive and increases HTTP latency, so we decided not to support it at the moment, although I wouldn't rule it out in the future. I don't think it is likely that someone will intercept your key unless you are on a shared hosting plan which allows root access and promiscuous mode virtual interfaces. Another possible attack angle is from the network providers, but this is also unlikely since there is relatively little to gain by stealing a WURFL Cloud account key. In any case, if there is a problem, you can change your API key at will from the WURFL Cloud control panel.
Thanks,
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Re: Is there TLS/SSL support? Key is non encrypted on wire.
OK, Thanks.
Is there a way to cheaply determine that somebody else is using our key?
Is there a way to cheaply determine that somebody else is using our key?
Re: Is there TLS/SSL support? Key is non encrypted on wire.
We keep track of which IPs your requests are coming from, so I can have someone run a quick check for you. More often than not, higher-than-expected traffic is due to some automated bot or health check. You might want to take a look at your webserver access logs to see if there is something strange in there. We do attempt to remove this traffic from your stats, so you are welcome to share the User Agent of an offending service with us if you want, and we may include it.
Thanks,
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Who is online
Users browsing this forum: No registered users and 56 guests