This problem is fairly generic one – how do I store backend id and backend secret in the application? As the example shows – I could hardcode the keys in the application but then anybody can who has access to the binary has complete access to the backend. To conteract that, I could create acl’s to control access to specific objects to specific users. But not really sure whether this the right way,
I don’t understand – why there are two keys? if these keys are meant to be stored in the app, One key would have been sufficient.
So I have to create a middle webservice which sits between the application and engio where application sends the backend id and the middle service slaps on the backend secret and sends it over to engin.io ?
-A
↧