Then you can use anonymous OAuth, though it isn't safer than normal OAuth using consumer key&secret.
On 2009/12/01, at 14:02, hitoshi uchida wrote: > Dear nov, > thank you for your advice. > >> In that environment, token secret can be hidden? > > Though the token secret is stored untill obtaining > access token to compute signature, > the token secret can be hidden. > >> If not, you shouldn't use anonymous OAuth. >> If you cannot hide consumer secret (or private key when using RSA- >> SHA1) neither, you might should use OAuth proxy. > > The consumer key and value are fixed as 'anonymous'. > However as you mentioned, I could use the specific mode > in my case because the token secret can be hidden. > > >> >> thanks >> nov matake >> >> On Nov 28, 9:50 pm, hitoshi uchida <[email protected]> wrote: >> >> >> >>> Hi all, >> >>> Concerning 'anonymous' mode supported Google OAuth provider for >>> installed application, is it always safe to use the specific mode in >>> consumer services ? >> >>> I would like to execute a consumer service which can't be reachable >>> because it is executed in user's LAN environment, and the service >>> retrieves user' datas from GData service. >>> So I have a secutiry concern about the 'anonymous' mode. >> >>> Regards, >>> Hitoshi Uchida > > -- > > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
