Point (a):
Ideally the OTP API has to be open so that anyone can log in; nothing can be done here.
Point (b): It can be optimized up to a certain instant if the OTP has a lower TTL (store the OTP in the server cache instead of the DB, which will help with faster verification, easy TTL setup and no extra script to delete those OTPs later).
Point (c):
Ideally all applications have the same approach (if you have the token, all possible APIs can be accessed).
But in case extra security is required, one can disable cross-site resource sharing and only allow access through our own app (by modifying an entry in the hosts file of the server).
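The cache-with-TTL approach from point (b), as an added example that is not code from the commenter above. It uses an in-memory dict as a stand-in for the server cache (a real deployment would lean on the cache's own key expiry), and the class and method names (`OtpCache`, `issue`, `verify`, `max_attempts`) are hypothetical. Beyond the comment's own point, it also makes each OTP single-use, limits wrong guesses, and compares codes in constant time, since those are the checks a verification endpoint is usually expected to have.

```python
import hmac
import secrets
import time

# Constructed stand-in for a server-side cache keyed by user id.
# In production the cache would expire the key itself; here the
# expiry timestamp is stored next to the code and checked on read,
# so no separate cleanup job is needed either way.
class OtpCache:
    def __init__(self, ttl_seconds=300, max_attempts=3, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock           # injectable for deterministic tests
        self._store = {}             # user_id -> [otp, expires_at, attempts_left]

    def issue(self, user_id, digits=6):
        # Cryptographically random digits; re-issuing replaces any older code.
        otp = "".join(secrets.choice("0123456789") for _ in range(digits))
        self._store[user_id] = [otp, self.clock() + self.ttl, self.max_attempts]
        return otp

    def verify(self, user_id, candidate):
        entry = self._store.get(user_id)
        if entry is None:
            return False                      # nothing issued, or already used
        otp, expires_at, attempts_left = entry
        if self.clock() > expires_at:
            del self._store[user_id]          # lazy expiry on read
            return False
        # Constant-time comparison on bytes so non-ASCII input cannot raise.
        if hmac.compare_digest(otp.encode(), str(candidate).encode()):
            del self._store[user_id]          # single use: consume on success
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._store[user_id]          # too many wrong guesses: code is void
        return False

    def pending(self):
        # Number of codes not yet consumed or lazily expired (for monitoring).
        return len(self._store)


if __name__ == "__main__":
    cache = OtpCache(ttl_seconds=120)
    code = cache.issue("demo-user")
    print("issued", code)
    print("wrong guess accepted?", cache.verify("demo-user", "000000"))
    print("right code accepted?", cache.verify("demo-user", code))
    print("replay accepted?", cache.verify("demo-user", code))
```

Verification reads and deletes in one place, so an expired or consumed code never lingers in the store past its first lookup, which is the "no extra script to delete those OTPs later" property the comment describes.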
Thanks for answering @sateeshpandey, but I could not understand Point (c), i.e. how can I disable the cross-site resource sharing...
The last one was a little tough; could you please elaborate?