How to: Build secure desktop applications

From Safe Creative API
Revision as of 11:18, 6 May 2010 by w>Jguillo

Desktop applications raise specific security concerns. As a security best practice, this type of application should not store the API's private key (and maybe not even the shared key) in the application distributable. This includes hardcoding the keys directly in the source code and embedding them under any form of encryption.

The recommended design is to use a gatekeeper as a service for the application. The gatekeeper stores the application's shared and private keys and provides the required user authorizations to the application.
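
The gatekeeper design described above, sketched as an added example (not code from the Safe Creative API or its documentation). The operation name `user.authorize`, the field names, the environment variable names and the HMAC-SHA256 signature are assumptions standing in for the API's real operations and signature scheme, and the in-process call stands in for an authenticated HTTPS request from the desktop application to the gatekeeper.

```python
import hashlib
import hmac
import json
import os

# Hypothetical operation names. The gatekeeper signs only what it explicitly
# allows, so it cannot be used as a general-purpose signing oracle.
ALLOWED_OPERATIONS = {"user.authorize"}


class Gatekeeper:
    """Runs on a server the vendor controls; the keys never ship with the desktop app."""

    def __init__(self, shared_key: str, private_key: bytes):
        self._shared_key = shared_key
        self._private_key = private_key

    @classmethod
    def from_env(cls, env=os.environ):
        # Assumed variable names: keys come from server-side configuration only.
        return cls(env["GATEKEEPER_SHARED_KEY"], env["GATEKEEPER_PRIVATE_KEY"].encode())

    def sign_request(self, params: dict) -> dict:
        """Return the client's request with the shared key and a signature added."""
        if params.get("operation") not in ALLOWED_OPERATIONS:
            raise PermissionError("operation not allowed through the gatekeeper")
        if "shared_key" in params or "signature" in params:
            raise ValueError("client must not supply key or signature fields")
        signed = dict(params, shared_key=self._shared_key)
        # Canonical JSON avoids ambiguity between field boundaries. HMAC-SHA256 is
        # a stand-in here, not the Safe Creative API's own signature scheme.
        canonical = json.dumps(signed, sort_keys=True, separators=(",", ":"))
        signed["signature"] = hmac.new(
            self._private_key, canonical.encode(), hashlib.sha256
        ).hexdigest()
        return signed


def desktop_client_request(gatekeeper: Gatekeeper, user_id: str) -> dict:
    """What the desktop application does: it holds no keys and asks the gatekeeper to sign."""
    return gatekeeper.sign_request({"operation": "user.authorize", "user": user_id})


if __name__ == "__main__":
    # Constructed sample keys, for demonstration only.
    gk = Gatekeeper("constructed-shared-key", b"constructed-private-key")
    print(desktop_client_request(gk, "alice"))
```

The private key appears only inside the gatekeeper process; the desktop application receives a signed request it can forward but cannot use to sign anything else.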