On Jan 18, 11:48 am, Dossy Shiobara <do...@panoptic.com> wrote: > Seriously, are we still beating this dead old horse? > > Closed or open source doesn't matter. The fact that a consumer key and > secret (!) are redistributed = design FAILURE. > > It's trivial to recover the consumer key and secret from a closed source > application, which can in turn be used in a malicious application ... > > The consumer key and secret CANNOT be used as a form of application > authentication. It's not trustworthy enough. This is an inherent > design deficiency in OAuth.
If that's the case, then *desktop* Twitter applications are not a viable business model. You *must* have a server, with the extra overhead that involves, and the extra cost that must be passed on to your customers, in order to protect yourself and Twitter from malicious users. Given the other limitations of the desktop application model, e.g., no production access to the Streaming API and no easy mobile deployment options, it's seriously looking like I am wasting my time developing desktop applications. Sigh ... off to do some more research ... -- M. Edward (Ed) Borasky http://borasky-research.net/smart-at-znmeb "A mathematician is a device for turning coffee into theorems." ~ Paul Erdős