What I've done is used my server to sign requests for the Flex app, so the secret key is not in the actionscript source code.
Shan On Jun 8, 8:04 am, Justin Richer <[email protected]> wrote: > There are a couple of recent threads here talking about this very > problem. You're right in thinking that a consumer key/secret passed to > the app like that is not secure and could be copied over to another > app. For one approach, Google's has been to use anonymous/anonymous as > the key/secret pair and have the SP know that this is a special > untrusted pairing. But the short answer is that, as far as I know, > there is not a direct solution to this issue yet. > > Check the archives of this list here for posts desktop/heavy apps for > more info. > > -- justin > > On Jun 8, 1:58 am, joaquindiez <[email protected]> wrote: > > > > > Hi all, > > > I am developing my first Flex Widget and I have to use OAuth to access > > the provider information. This provider has give the access key and > > secret. > > > The question is if it is secure enough to store it hardcoded in the > > widget ( I do not think so)....or if some of you have use another > > solution on a similar problem...like in Iphone application.. or > > desktop applications that use OAUTH. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
