Hi, The reason why client libraries allow an auth.ini (or equivalent) is to make the "up and running" time lower for a new user. However, all libraries provide an additional constructor that allows you to provide these values at runtime, so you don't have to leave anything in your auth.ini. The PHP libary constructor is here:
http://code.google.com/p/google-api-adwords-php/source/browse/trunk/src/Google/Api/Ads/AdWords/Lib/AdWordsUser.php#109 You could implement whatever data protection mechanisms you wish to, and load the relevant data at runtime. As for username/password: There are couple of additional items worth mentioning: 1. Turn on 2Factor authentication for your account. Then generate an application-specific password to make AdWords API calls. See http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744&rd=1 for details. 2. Implement OAuth2: There is a web application in the PHP client library distribution that shows how to use it. I can't find an OAuth2 guide for the PHP library online, but you could refer to the Google API guide at https://developers.google.com/accounts/docs/OAuth2 to understand the OAuth2 concepts. Using OAuth2 allows you to skip saving the username/password on your server. Cheers, Anash P. Oommen, AdWords API Advisor. On Tuesday, 30 October 2012 22:14:44 UTC+5:30, Mirror wrote: > > Hello! > > Can you advise to organize the best protection? > > I have developerToken and I use email and pass from google account and get > authtoken. After this I erase password from anywhere from server :) > > I erase values and commented the line in Library auth.ini: > ; email = "" > ; password = "" > ; developerToken = "" > ; authtoken = ‘’ > > I don’t use: oauth_consumer_key, oauth_consumer_secret, > oauth_token_secret, > because I don’t know how it use:) > > In the inside of my script, I use only email, developertoken, authtoken, > like as $email, $dt, $at, for example. > BUT! they are there in the open view! > I mean, if somebody on the server will open myscript.php, they see the > value of this variables. And they can damaged my account or company, etc. > > Can you show on the example how to organize the best protection? > -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and discussion group: http://adwordsapi.blogspot.com http://groups.google.com/group/adwords-api =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en