The reason you don't want to give out YOUR consumer key and consumer secret
in your open-source code is because somebody could download your code, make
malicious changes to make it do something bad, and now their app looks
exactly like yours to Twitter since the consumer keys are the same.  So when
that app starts causing problems for users, it YOU that they start


On Mon, Jan 18, 2010 at 2:32 PM, John Meyer <> wrote:

> On 1/18/2010 12:22 PM, ryan alford wrote:
>> There is a difference between giving your application to others to
>> install and use, and others downloading your code for their own
>> applications.
>> If a user is installing your application to use, then your code would
>> include your consumer key.
>> If a user is downloading your open source code to use for their own app,
>> then they need to get their own consumer key to relate to their app.
>> Ryan
> An addendum.
> If you were seriously concerned about others grabbing those codes you could
> specify that the app fetches those keys from an ftp server or some sort of
> web service that you ran.  But I would guess that this would be a bit more
> paranoid than what you are trying to prevent.

Reply via email to