Hi there,
We have a change ready to be deployed to help secure applications
like this. Since the change is not backward compatible I gave 7 days
notice to the list here. I'll deploy the change the beginning of next
week so you can incorporate the changes. After those changes having a
known consumer key/secret will be secured using a PIN. Stay tuned for
more details once the change launches.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
On May 29, 2009, at 1:04 PM, semifor wrote:
Is it safe and appropriate to include consumer key and secret in OSS
desktop applications? That will make them publicly available on the
Internet.
This, of course, would allow anyone to copy the credentials and use
them in a different application. As long as Twitter tracks and deals
with abuse by user rather than by application, that shouldn't be a
problem, right?
If it isn't safe or appropriate to include consumer key and secret,
then what's the alternative?
