
It would be pretty easy to make the system work with private keys and signed headers or even client certificates. You could stop people from sharing by putting a high enough limit on how much you could access or even just from how many IPs (i.e. only two distinct IPs in any given 60 minute window) it could be accessed from. Normal users would never hit those limits, of course, but pretty quickly you would hit those if you shared your access tokens.



Limiting by IP is a horrid (or worse) idea as they are dynamic, esp. nowadays with free wifi access and 3G (or 4G).

There are ways to implement quotas based on certs and revocation but it's too cumbersome to become mass use.
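An added example, not part of either comment: a per-token sliding-window check for the "two distinct IPs in any 60 minute window" limit from the first comment, replayed over a shared token and over the roaming user the reply describes. The class name, token names and the documentation-range IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60 * 60   # "any given 60 minute window"
MAX_DISTINCT_IPS = 2       # "only two distinct IPs"


class DistinctIpLimiter:
    def __init__(self, window=WINDOW_SECONDS, max_ips=MAX_DISTINCT_IPS):
        self.window = window
        self.max_ips = max_ips
        self._seen = defaultdict(deque)  # token -> deque of (ts, ip) sightings

    def allow(self, token, ip, ts):
        """Return True if this request keeps the token within the limit."""
        q = self._seen[token]
        # Drop sightings that have aged out of the window.
        while q and q[0][0] <= ts - self.window:
            q.popleft()
        active = {seen_ip for _, seen_ip in q}
        if ip not in active and len(active) >= self.max_ips:
            return False  # a third distinct IP inside the window
        q.append((ts, ip))
        return True


def replay(events):
    """Run constructed (token, ip, ts) events; return the list of decisions."""
    limiter = DistinctIpLimiter()
    return [limiter.allow(token, ip, ts) for token, ip, ts in events]


# Constructed sample data (documentation-range IPs, seconds since start).
SHARED_TOKEN = [
    ("tok-A", "192.0.2.10", 0),
    ("tok-A", "198.51.100.7", 300),
    ("tok-A", "203.0.113.5", 600),     # third IP within the hour -> denied
    ("tok-A", "203.0.113.5", 3901),    # earlier sightings aged out -> allowed
]
# One legitimate user: home Wi-Fi, then cellular, then cafe Wi-Fi.
MOBILE_USER = [
    ("tok-B", "192.0.2.44", 0),
    ("tok-B", "198.51.100.90", 1200),
    ("tok-B", "203.0.113.77", 2400),   # denied, although nothing was shared
]

if __name__ == "__main__":
    print("shared token:", replay(SHARED_TOKEN))
    print("mobile user: ", replay(MOBILE_USER))
```

Both replays end in a denial on the third address, which is the false positive the reply is pointing at: the check cannot tell a shared token from one user changing networks.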



