[SECURITY] API authentication

A place for developers to advertise their TheTVDB.com enabled app and get help from other developers with the API.
Post Reply
knossos
Posts: 9
Joined: Thu Oct 15, 2015 2:53 am

Sun Oct 01, 2017 8:23 am

When authenticating to the v2 API, there is currently no way to validate the authentication. As noted in the stickied Phishing Sites announcement, TheTVDB.com has been targeted before.

As I'm developing a python library for TheTVDB.com and security is a priority, it's important to have a way to validate the authentication token. Publishing the public key so the claims can be verified would go a long way to increasing api security.
DarklightIndigo
Just zis guy, you know?
Posts: 7661
Joined: Sun Apr 27, 2014 7:16 am
Location: San Francisco
Contact:

Sun Oct 01, 2017 12:56 pm

The authentication should be better validated, but you apparently missed the point of that entire post. No amount of validation is going to protect a user woefully naïve enough to hand over their credentials to a third-party site, as we cannot (and should not) control how external sites handle that information.

Still, this is worth having the devs look into it.
Strangers are just the friends we haven't met yet.
Post Reply