Re: Storing an "OAuth consumer secret"

On 15-Dec-2011 16:05 , James Lampert wrote:

CRPence wrote:

If customers already are tracked to a database file, then perhaps
store the value encrypted in a column of that database file.? Since
v5r3 there is some SQL built-in support to do so, without having
to code to the encryption\decryption via Cryptographic Services
APIs.

Uh, why would a customer need to store more than one?

No clue. Though I never implied they would. I had actually implied [with the omitted SQL snippets] that just one value would be stored per customer [identifier]; a row defined by column list (cust_id,secret).

FWiW the SQL can still be used, even without any TABLE; e.g. using a VALUES INTO or SELECT INTO to encrypt data into a host variable. The results of the variable could be stored anywhere, and then used in another similar SQL request to decrypt the value into a host variable.

It would make sense to use a database file if we were using "Magic
Cookie" authentication, in which each user would have a separate
"magic cookie" that would have to be stored, but this is exactly one
"consumer secret" per installation.

Or perhaps make sense to use a database of multiple customers, if the server were being used to serve those multiple customers, and a server from which the external service was being invoked. That is what I had inferred was possibly the scenario; i.e. for which I wondered if a database file of customers might already exist.

There was nothing in the original post to suggest that there was only "one 'consumer secret' per installation" as has since been implied [in the quoted text] about the scenario. Thus I could only have inferred that was the intent, but unfortunately, my crystal-ball is still out for cleaning ;-)

Regards, Chuck