jocelyntremblayOr even just replacing the key in my code, replacing the turboactivate.dat with one from a newly created account and generating hundreds of infinite/long duration timed trial key ?
If someone find my API key, is my web api access secure?
jocelyntremblayI'm about to launch my software next week (after almost 2 years of software/web/store design) and I am looking at securing the most I can of it.
As my application is coded in Adobe Air, it is pretty easy to decompile. From there, finding the Lime API key is a matter of minutes.
If someone find it, how it is easy for them to create new key, timed trial, or key deleting/revoking ? with the web api ? As I understand, the only info they don't have is the version id, but it should not be that long to go thru.
So why there is no password, or secure way, to protect my web api access once someone find my API key ?
jocelyntremblay
Never ever use the web API key in your code. Consider it a password and act accordingly.
Why are you including the web API key in your app?
jocelyntremblayduh, should have double checked... web api key and GUID are different.... sorry for the false alert.
OK.