> On Aug 17, 6:27 am, Chris Babcock <cbabc...@kolonelpanic.org> wrote: > > > When you know your code is going to be seen you either avoid doing > > stupid things like hard coding credentials or you learn fast that > > configuration data is not code. > > Fair enough. So how do you do it? How do I distribute a desktop or > mobile device application - open source or closed - that uses my OAuth > credentials in such a way as to protect my credentials from being > discovered? > > Seriously, how do you do that?
You don't distribute your credentials with the App. You include a README file that tells implementors how to get and install their own keys. Chris Babcock