Search found 16 matches

by devinbost
Sun Aug 01, 2021 12:48 am
Forum: General Discussions
Topic: Lifetime ban from all Church property
Replies: 3
Views: 322

Lifetime ban from all Church property

I heard from a temple security employee that it's actually possible in extreme cases for a person to get a lifetime ban from all Church property through an action from Church headquarters. This is the second time I've heard about this. (The last time I heard about it was from someone who provided co...
by devinbost
Sat Jul 28, 2018 1:07 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

I wonder how many people would donate to a technology fund if the Church started allowing donations to be provided through lds.org for improving the Church's available software.
by devinbost
Fri Jul 27, 2018 7:30 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

As I'm thinking about it, if this ExternalUsageID method was implemented, the Church could utilize a machine learning application to automatically code-review or audit member-developer applications to check that they aren't storing any sensitive data, though it wouldn't be perfect, so they would sti...
by devinbost
Fri Jul 27, 2018 7:18 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

Also, for most applications, you'd absolutely need some way to be able to track or collect data on some level. However, if the Church provided an ID for each member that was unique but contained no personally identifiable information, such as an ExternalUsageID integer field, then information tracke...
by devinbost
Fri Jul 27, 2018 12:24 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

I think giving individual members the ability to opt-in and opt-out in a controlled way to each specific API consumer (meaning each specific member-developer-created application) that desires to access their data would be the only possible way I could see something like this happening. In such a cas...
by devinbost
Mon Jul 23, 2018 2:33 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

So you're saying that if the Church created the API correctly, it would be impossible for an app created by a member-developer to create a situation that could result in membership data being leaked in a way that could have been prevented if the developer had not been able to have programmatic acce...
by devinbost
Sun Jul 22, 2018 11:22 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

Absolutely: as the developer, follow all the OWASP guidelines for preventing XSS/CSRF and similar attacks, or only use libraries that have certified that they follow those guidelines. . . And then 100% of the security issues you are worried about reduce to simply, "Is the antivirus software on...
by devinbost
Sun Jul 22, 2018 10:18 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

(2) However, more importantly, you don't need to use SSO at all to make this all work, assuming you don't mind giving your login name and password directly to a custom Android app or website (this is the entire purpose of OAuth/OAuth2, to prevent you having to give your creds to a 3rd party -- but ...
by devinbost
Sat Jul 21, 2018 1:17 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

devinbost -- you are right, security is a hard problem in general. But you are very much over-complicating the problem. The Church already has a login system, with its own security measures in place, and to use the JSON API, you have to authenticate through that login system. That means that to cre...
by devinbost
Thu Jul 12, 2018 7:42 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 74
Views: 25977

Re: API for Directory Web App

The issue that I've been concerned about is related but has been more policy focused. I posted the details of the Church policy mismatch here: https://tech.lds.org/forum/viewtopic.php?f=4&t=31784 In my case, I was wondering if an application would be permitted for Church purposes in a local ward...

Go to advanced search