Azure Mobile Sevices Access Key placement

Apr 24, 2013 at 1:54 PM
Edited Apr 24, 2013 at 1:56 PM
I was just watching the Data Acceess section of the MS virtual academy course "Developing Windows Store Apps with HTML5 Jump Start". In the Demo the mobile services access key was hard coded. It was mentioned that the key could be changed in the future if needed.

If the key can be dynamically changed, from a best practices perspective, where should it be stored? can you point me to some guidance on the topic? My concern is around what happens to previously deployed apps If I need to change my key.

Thanks! and great work on CodeShow and the virtual course very helpful.
Apr 24, 2013 at 2:03 PM
The key must go to the client device and nothing on the client should be considered safe. Even if you make it very difficult for people by obfuscating code or whatever else, you should count on the fact that it will be hacked.

That said, you may wish to authenticate your users and then require authentication for access to WAMS tables.
Marked as answer by codefoster on 4/17/2014 at 3:13 PM