Navigation

    SmartAPI Forum
    • Register
    • Login
    • Search
    • Categories
    • Popular
    • Groups
    • FAQs
    • API Docs

    security concern with GenerateSession method of SmartApi class .net

    C#/.Net SDK
    2
    2
    26
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fcoder last edited by

      HI,
      I found below code which is concerning from security reasons. Smartapi class has function name Generatesession which is used to generate required token. However, below code post userid and password in plain text which is vulnerable from security perspective. Please confirm. Also, please let me know with we encode same string using any encoding technique will serve be able to decrypt information and provide required tokens.

        public OutputBaseClass GenerateSession(string clientcode, string                                                                password)
        {
            OutputBaseClass res = new OutputBaseClass();
            res.status = true;
            res.http_code = "200";
            try
            {
                AngelTokenResponse agr = new AngelTokenResponse();

                string URL = APIURL + "/rest/auth/angelbroking/user/v1/loginByPassword";

                string **PostData = "{\"clientcode\":\"" + clientcode + "\",\"password\":\"" + password + "\"}";**
      A 1 Reply Last reply Reply Quote 0
      • A
        admin @fcoder last edited by

        HI @fcoder Connect us at api@angelbroking.com

        1 Reply Last reply Reply Quote 0
        • First post
          Last post