Why would you be required to have a server? To keep your consumer key and
consumer secret out of your app? It's not required. Mine are stored in a
database that is coupled with my application. The database is password
protected, so nobody is getting in.
On Mon, Jan 18, 2010 at 4:27 PM, M. Edward (Ed) Borasky <zzn...@gmail.com> wrote:
> On Jan 18, 11:48 am, Dossy Shiobara <do...@panoptic.com> wrote:
> > Seriously, are we still beating this dead old horse?
> > Closed or open source doesn't matter. The fact that a consumer key and
> > secret (!) are redistributed = design FAILURE.
> > It's trivial to recover the consumer key and secret from a closed source
> > application, which can in turn be used in a malicious application ...
> > The consumer key and secret CANNOT be used as a form of application
> > authentication. It's not trustworthy enough. This is an inherent
> > design deficiency in OAuth.
> If that's the case, then *desktop* Twitter applications are not a
> viable business model. You *must* have a server, with the extra
> overhead that involves, and the extra cost that must be passed on to
> your customers, in order to protect yourself and Twitter from
> malicious users. Given the other limitations of the desktop
> application model, e.g., no production access to the Streaming API and
> no easy mobile deployment options, it's seriously looking like I am
> wasting my time developing desktop applications. Sigh ... off to do
> some more research ...
> M. Edward (Ed) Borasky
> "A mathematician is a device for turning coffee into theorems." ~ Paul
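
Added example, not part of the thread or any poster's code: a minimal OAuth 1.0a HMAC-SHA1 signer (per RFC 5849) illustrating the point argued in the quoted messages, that a provider can only check that the signer knew the consumer secret, not which program is holding it. The key, secret, URL, nonce, timestamp and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Method, URL and the sorted, encoded parameters, joined with "&".
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "consumer_secret&token_secret", each part encoded.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def provider_accepts(method, url, params, signature, registered):
    # All the provider can establish: the signer knew the secret registered
    # for this oauth_consumer_key. Which program signed is not visible.
    secret = registered.get(params.get("oauth_consumer_key"))
    if secret is None:
        return False
    return hmac.compare_digest(sign(method, url, params, secret), signature)

# Constructed sample values, not real credentials or a real endpoint.
REGISTERED = {"example-consumer-key": "example-consumer-secret"}
URL = "https://api.example.test/oauth/request_token"
PARAMS = {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1263850020",
}

def demo():
    shipped_app = sign("POST", URL, PARAMS, "example-consumer-secret")
    other_program = sign("POST", URL, PARAMS, "example-consumer-secret")
    wrong_secret = sign("POST", URL, PARAMS, "not-the-secret")
    return {
        "identical": shipped_app == other_program,
        "other_accepted": provider_accepts("POST", URL, PARAMS, other_program, REGISTERED),
        "wrong_rejected": not provider_accepts("POST", URL, PARAMS, wrong_secret, REGISTERED),
    }
```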