On Jan 18, 11:48 am, Dossy Shiobara <do...@panoptic.com> wrote:
> Seriously, are we still beating this dead old horse?
>
> Closed or open source doesn't matter.  The fact that a consumer key and
> secret (!) are redistributed = design FAILURE.
>
> It's trivial to recover the consumer key and secret from a closed source
> application, which can in turn be used in a malicious application ...
>
> The consumer key and secret CANNOT be used as a form of application
> authentication.  It's not trustworthy enough.  This is an inherent
> design deficiency in OAuth.

If that's the case, then *desktop* Twitter applications are not a
viable business model. You *must* have a server, with the extra
overhead that involves, and the extra cost that must be passed on to
your customers, in order to protect yourself and Twitter from
malicious users. Given the other limitations of the desktop
application model, e.g., no production access to the Streaming API and
no easy mobile deployment options, it's seriously looking like I am
wasting my time developing desktop applications. Sigh ... off to do
some more research ...

--
M. Edward (Ed) Borasky
http://borasky-research.net/smart-at-znmeb

"A mathematician is a device for turning coffee into theorems." ~ Paul
Erdős
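The point argued in the quoted message, as an added example that is not part of the original thread: an OAuth 1.0a HMAC-SHA1 signature (RFC 5849) is a function of the request and the shared secrets only, so the provider's check passes for any program holding the consumer pair. The key, secret, token secret, nonce, timestamp and URL below are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values, not real credentials or a real endpoint.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-user-token-secret"
URL = "https://api.example.invalid/1/statuses/update.json"

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    # Signature base string (section 3.4.1) and HMAC-SHA1 key (section 3.4.2).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def server_accepts(method, url, params, sig, registered_secret, token_secret=""):
    # The provider recomputes the signature from the secret it has on file;
    # nothing in this check identifies which binary produced the request.
    expected = sign(method, url, params, registered_secret, token_secret)
    return hmac.compare_digest(expected, sig)

def request_params(status):
    # Fixed nonce and timestamp so the two signatures can be compared.
    return {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": "constructed-nonce",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1263830400",
        "oauth_version": "1.0",
        "status": status,
    }

def compare_clients():
    params = request_params("hello")
    # The registered application and any other holder of the same pair
    # run the same computation and get the same signature.
    registered = sign("POST", URL, params, CONSUMER_SECRET, TOKEN_SECRET)
    other = sign("POST", URL, params, CONSUMER_SECRET, TOKEN_SECRET)
    return registered, other
```

The signature therefore shows that the sender knows the pair, and a provider that needs to know which application is calling has to rely on something that is not shipped to users, such as the server the reply above mentions.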
