exactly.  and for those who think their closed-source oauth app hides
their app key and secret, have you ever run "strings" on your binary?

(for those keeping score, it's basic auth: 2, oauth: 0)

thanks!

Joseph Cheek
@cheekdotcom

JDG wrote:
> Which eliminates one of the biggest features of OAuth for a lot of
> app-writers -- the ability to put their app in the "source" parameter,
> thus eliminating the biggest piece of marketing they have.
>
> On Mon, Aug 17, 2009 at 08:59, Chris Babcock <cbabc...@asciiking.com> wrote:
>
>     > On Aug 17, 6:27 am, Chris Babcock <cbabc...@kolonelpanic.org> wrote:
>     >
>     > > When you know your code is going to be seen you either avoid doing
>     > > stupid things like hard coding credentials or you learn fast that
>     > > configuration data is not code.
>     >
>     > Fair enough. So how do you do it? How do I distribute a desktop or
>     > mobile device application - open source or closed - that uses my OAuth
>     > credentials in such a way as to protect my credentials from being
>     > discovered?
>     >
>     > Seriously, how do you do that?
>
>     You don't distribute your credentials with the App. You include a
>     README file that tells implementors how to get and install their own
>     keys.
>
>     Chris Babcock
>
> -- 
> Internets. Serious business.
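
An added example, not part of the original thread: a pre-release check that reads a build artifact the way `strings` does and reports any consumer key or secret still embedded in it. The sample artifacts, key values, config path and entropy threshold are constructed assumptions.

```python
import math
import re

MIN_LEN = 4  # strings(1) reports printable runs of at least 4 bytes by default
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
TOKEN = re.compile(r"[A-Za-z0-9]{20,}")  # assumed shape of a key or secret
ENTROPY_FLOOR = 3.5  # bits per character; assumed cut-off for "random-looking"


def printable_strings(blob: bytes) -> list[str]:
    """Return every printable ASCII run in the artifact, like strings(1)."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def entropy(text: str) -> float:
    """Shannon entropy of the text in bits per character."""
    counts = [text.count(ch) for ch in set(text)]
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts)


def audit_artifact(blob: bytes, known_secrets: tuple[str, ...] = ()):
    """Return (reason, value) findings for credentials visible in the artifact."""
    findings = []
    for text in printable_strings(blob):
        for secret in known_secrets:
            if secret in text:
                findings.append(("known-secret", secret))
        for token in TOKEN.findall(text):
            if token not in known_secrets and entropy(token) >= ENTROPY_FLOOR:
                findings.append(("high-entropy-token", token))
    return findings


# Constructed sample artifacts (not real binaries, not real credentials).
FAKE_KEY = "q7Zp2LmX9vRt4KsW8bNc"
FAKE_SECRET = "Hd3Jw6Yf1Ug5Ea0Ci2Bo8Tn4Mk7Pz9Xl"
HEADER = b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
# Build with the key and secret compiled in.
HARDCODED_BUILD = (HEADER + b"oauth_consumer_key\x00" + FAKE_KEY.encode()
                   + b"\x00\x01\x02" + FAKE_SECRET.encode()
                   + b"\x00" + b"A" * 24 + b"\x00")
# Build that only names a user-supplied key file (hypothetical path).
CONFIG_BUILD = (HEADER + b"oauth_consumer_key\x00~/.myapp/keys.ini\x00"
                + b"See README: install your own keys\x00")

if __name__ == "__main__":
    for name, blob in (("hardcoded", HARDCODED_BUILD), ("config", CONFIG_BUILD)):
        print(name, audit_artifact(blob, known_secrets=(FAKE_KEY,)))
```

Passing the real key as `known_secrets` catches an exact leak; the entropy pass flags values the build script was never told about.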
