exactly. and for those who think their closed-source oauth app hides their app key and secret, have you ever run "strings" on your binary?
(for those keeping score, it's basic auth: 2, oauth: 0) thanks! Joseph Cheek @cheekdotcom JDG wrote: > Which eliminates one of the biggest features of OAuth for a lot of > app-writers -- the ability to put their app in the "source" parameter, > thus eliminating the biggest piece of marketing they have. > > On Mon, Aug 17, 2009 at 08:59, Chris Babcock <cbabc...@asciiking.com > <mailto:cbabc...@asciiking.com>> wrote: > > > > > On Aug 17, 6:27 am, Chris Babcock <cbabc...@kolonelpanic.org > <mailto:cbabc...@kolonelpanic.org>> wrote: > > > > > When you know your code is going to be seen you either avoid doing > > > stupid things like hard coding credentials or you learn fast that > > > configuration data is not code. > > > > Fair enough. So how do you do it? How do I distribute a desktop or > > mobile device application - open source or closed - that uses my > OAuth > > credentials in such a way as to protect my credentials from being > > discovered? > > > > Seriously, how do you do that? > > You don't distribute your credentials with the App. You include a > README file that tells implementors how to get and install their own > keys. > > Chris Babcock > > > > > -- > Internets. Serious business.