Surely if the 'secret' is available to your client app, then by definition it's also available to anyone who is able to reverse engineer your client app. Whatever your client app does to retrieve the secret, someone able to reverse engineer the app can mimic in order to also obtain the secret. What you are asking for therefore looks to me to be impossible. The best you can do is sufficiently obfuscate the means by which your app obtains the secret as to make it very hard for someone to reverse engineer the process.
Or of course rethink the architecture at a very high level. (Force clients to register and maintain a central database of who is allowed to register?) =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
