I’m trying the use of web services, managed through a Xojo webapp, created according to the Xojo Inc. guidelines. (user guide, blog, examples, forum, etc).
I’m authorizing the client access, through a code in the header.
Since the client may be hacked, is it possible (and how) to improve access security, using OTP or other methods?
thank you
I’m sure you could use a one-time password or whatever technique you want (perhaps an API Key?), but you’d have to implement it yourself. There are no “standards” for web security.
If you just use a code in the header then you will need an ssl connection or dedicated VPN for your app to stop man-in-the-middle attacks. But SSL is slow and dedicated VPN extra setup and maintenance work. To avoid these overheads, you can use Xojo public/private key encryption to avoid transmitting the access token in the clear, yet without ssl or dedicated vpn.