preserving consumer key secrecy (was: Re: [twitter-dev] Re: Basic Auth Deprecation)

2010-04-14 Thread John SJ Anderson
On Wed, Apr 14, 2010 at 18:26, Raffi Krikorian ra...@twitter.com wrote:
 yes, it could be a problem - however, there are known solutions to
 obfuscating and keeping your consumer key secret.  not perfect, but pretty
 good.  maybe we can start a discussion around this?

What's the known solution for an open-source Web-based application
that I want to distribute to the world[1]? "Make people get their own
key" is not an acceptable solution; neither is "proxy all requests
through your own web site and add the secret there."

[1]: http://github.com/genehack/app-status-skein


john.


Re: preserving consumer key secrecy (was: Re: [twitter-dev] Re: Basic Auth Deprecation)

2010-04-14 Thread Cameron Kaiser
  yes, it could be a problem - however, there are known solutions to
  obfuscating and keeping your consumer key secret.  not perfect, but pretty
  good.  maybe we can start a discussion around this?
 
 What's the known solution for an open-source Web-based application
 that I want to distribute to the world[1]? "Make people get their own
 key" is not an acceptable solution; neither is "proxy all requests
 through your own web site and add the secret there."

I had the same question and was very gratified to find out that Raffi is in
fact working on this very problem with the next draft of OAuth.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- mouse, n: A device for pointing at the xterm in which you want to type. 


-- 
To unsubscribe, reply using "remove me" as the subject.


Re: preserving consumer key secrecy (was: Re: [twitter-dev] Re: Basic Auth Deprecation)

2010-04-14 Thread Abraham Williams
Why not just distribute a key with it? The worst that happens is someone
uses it in their app and it gets disabled and some people get pissed off at
you. I have yet to hear of this happening to a Twitter application. If
someone abuses your key and Twitter does not handle the situation well I
will personally call Sarver to bitch. :-P

Abraham

On Thu, Apr 15, 2010 at 02:09, John SJ Anderson geneh...@gmail.com wrote:

 On Wed, Apr 14, 2010 at 18:26, Raffi Krikorian ra...@twitter.com wrote:
  yes, it could be a problem - however, there are known solutions to
  obfuscating and keeping your consumer key secret.  not perfect, but pretty
  good.  maybe we can start a discussion around this?

 What's the known solution for an open-source Web-based application
 that I want to distribute to the world[1]? "Make people get their own
 key" is not an acceptable solution; neither is "proxy all requests
 through your own web site and add the secret there."

 [1]: http://github.com/genehack/app-status-skein


 john.




-- 
Abraham Williams | Developer for hire | http://abrah.am
PoseurTech Labs | Projects | http://labs.poseurtech.com
This email is: [ ] shareable [x] ask first [ ] private.

