Two secret tokens in Sensor object

Nuanda / smogmapper

Smog Mapper

http://smogmapper.smogathon.pl/

1 stars 0 forks source link

Two secret tokens in Sensor object #45

Open mkasztelnik opened 8 years ago

mkasztelnik commented 8 years ago

I was thinking about authorization for readings registration. Usage of one token, which will be printed on the sensor can lead to fraud generation (e.g. simple bash script with curl). Maybe it would be possible to have 2 tokens. One printed on the sensor and known to the sensor keeper (used to update sensor location and name) and the second one programmed on the sensor (and know only to sensor creator, used to register new readings).

@Nuanda what do you think?

Nuanda commented 8 years ago

i have proposed that some time ago. But we assume all sensor keepers are to be trusted, so I only did that to make their lives a little bit easier. Bot with 12-letter tokens they should be able to type that in for registration anyway.

Nuanda commented 8 years ago

Other solutions include QR core printed as a sticker on the sensor device ;). Yet another - 'detecting' the user device by asking her to turn off and on the device in a specific moment of time.