Hi, I'm working on a web app project that requires Picasa access, and from reading the documentation and doing research, I can't find a Read-Only access scope. I realize that if my app gets hacked, the bad guys can potentially use the refresh tokens to delete photos off of user accounts. Unless someone here can tell me a secret undocumented scope that allows apps Read-Only access, I'm having to redesign the infrastructure so that the web app makes calls to another secure server that actually stores the refresh tokens and secret key and makes the API calls.
My question (besides why in the name of small fluffy animals Google didn't make a read-only scope) is: how does everyone else here who does web applications secure their secret key and refresh token to prevent the security scenario stated above?
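One way to enforce read-only behaviour at the separate token-holding server described in the post, added here as an example and not code from the poster or from Google. The upstream host name, the shared broker key, the override header names and the request shape are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions (not from the original post): host, key and header names below
# are placeholders chosen for this example.
UPSTREAM_HOST = "photos-api.example.com"
READ_ONLY_METHODS = {"GET", "HEAD"}
# Headers some HTTP APIs honour to tunnel a write through another method.
OVERRIDE_HEADERS = {"x-http-method-override", "x-http-method", "x-method-override"}
BROKER_KEY = b"constructed-demo-key"  # constructed sample value


def sign(method: str, url: str, user_id: str, key: bytes = BROKER_KEY) -> str:
    """MAC the web app attaches so the broker can authenticate the request."""
    msg = "\n".join((method.upper(), url, user_id)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize_forward(method, url, headers, user_id, mac):
    """Return (allowed, reason).

    The broker forwards a request only when allowed is True and attaches the
    access token itself, so refresh tokens and the client secret never reach
    the web app. A compromised web app can then read, but not modify or delete.
    """
    if not hmac.compare_digest(sign(method, url, user_id), mac):
        return False, "bad request signature"
    if method.upper() not in READ_ONLY_METHODS:
        return False, "write method blocked"
    if OVERRIDE_HEADERS & {h.lower() for h in headers}:
        return False, "method override header blocked"
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != UPSTREAM_HOST:
        return False, "upstream not allowlisted"
    if parts.username or parts.password or parts.port not in (None, 443):
        return False, "unexpected authority"
    return True, "ok"
```

The broker should also log every denied request per user, since a burst of blocked write attempts is a strong sign that the web tier has been compromised.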
