> On Aug 17, 6:27 am, Chris Babcock <cbabc...@kolonelpanic.org> wrote:
> 
> > When you know your code is going to be seen you either avoid doing
> > stupid things like hard coding credentials or you learn fast that
> > configuration data is not code.
> 
> Fair enough. So how do you do it? How do I distribute a desktop or
> mobile device application - open source or closed - that uses my OAuth
> credentials in such a way as to protect my credentials from being
> discovered?
> 
> Seriously, how do you do that?

You don't distribute your credentials with the App. You include a
README file that tells implementors how to get and install their own
keys.

Chris Babcock

Reply via email to