https://blog.thomasdurand.fr/tags/security/Recent content in Security on Dean’s blogHugoen-usThu, 14 Dec 2023 20:00:00 +0100https://blog.thomasdurand.fr/story/2023-12-14-dont-ship-api-keys/Thu, 14 Dec 2023 20:00:00 +0100https://blog.thomasdurand.fr/story/2023-12-14-dont-ship-api-keys/<p>Not so long ago, I read about <a href="https://augmentedcode.io/2023/11/27/using-on-demand-resources-for-securely-storing-api-keys-in-ios-apps/" target="_blank" rel="noopener noreferrer">this article</a> from <a href="https://mastodon.social/@toomasvahter" target="_blank" rel="noopener noreferrer">Thomas Vahter</a> suggesting the distribution of API keys through on-demand resources. Although this approach is appealing, I suggest a different approach: avoid shipping your API keys at all costs!</p>https://blog.thomasdurand.fr/story/2018-01-31-how-anyone-could-feed-my-cat/Wed, 31 Jan 2018 12:00:00 +0000https://blog.thomasdurand.fr/story/2018-01-31-how-anyone-could-feed-my-cat/<p>As a software engineer for <a href="https://www.dilitrust.com/en/" target="_blank" rel="noopener noreferrer">DiliTrust</a>, I think software security as a primary feature for any kind of product or software. Every time we heard a story about any kind of security flaw, we take it seriously: how is that possible? Am we directly or indirectly impacted?</p> <p>Well, I guess I wasn’t yet prepared for my last discovery.</p>