> By credentials, I meant the OAuth tokens, consumer keys, etc.
> 
> Wouldn't they be visible to the browser/desktop-client? And hence, couldn't
> they be copied and reused by somebody so determined?

Not necessarily the tokens, but the consumer keys could be extracted. This is
an acknowledged failing of OAuth, and has been discussed quite a bit here
before (search the archives).

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- In defeat, unbeatable; in victory, unbearable. -- Churchill, on Montgomery -

Reply via email to