Couple of suggestions

Avatar

Avatar

daveyha

Avatar

daveyha

daveyha

15-09-2009

Hi-

First, it's great to have AFCS - makes it real easy to build collaborative apps.

I have a couple of suggestions though:

1. Having to have your Adobe user name and password stored in your web app to do the server integration stuff is real bad (password antipattern). You guys should implement OAuth (or similar) so if someone steals the secret in my web app, they don't get access to my whole Adobe account. Really there should be a secret I can use to authentication to the AFCS server integration piece which only allows createRoom/deleteRoom etc. And I should be able to revoke permission on that if it gets stolen.

2. Regarding room timeout. I understand this is possible from Flex in the client. But it would be great to be able to specify a timeout when creating a room through server integration. I want to be able to create rooms from my web app and be sure they're live for a bounded amount of time. I don't want to rely on the room owner to delete them. Sure I can write a periodic check to do this myself and store the creation times in a database. But I just wanted to let you know that if you exposed the existing roomTimeout to server integration then it would save a bit of work.

Keep up the good work guys-

David

View Entire Topic

Avatar

Avatar

coulix

Avatar

coulix

coulix

06-12-2009

Hello,

If your backend is in python (GAE) in my case i just put the adobe user/pass/url for account manager in local_settings.py.

Using a CVS solution settings.py does not contain these private info, local_settings is only present on the prod server.

Greg