Also, the consumer secret is harder to get since it's not sent as a parameter.
Ryan

Sent from my DROID

On Jan 18, 2010 7:18 PM, "Abraham Williams" <4bra...@gmail.com> wrote:

It would be less work for me to run Charles proxy and catch the consumer key/secret in transit than to decompile it and figure out where in the code it is actually stored when distributed with the app.

Previously with basicauth you could use anybody's source param and spoof their application. At least with OAuth you have to acquire their consumer key/secret first.

You guys are all freaking out about this when this is how the internet works. Just look at email. With a single line of PHP I can send any of you an email from any email address.*

Abraham

*There are technologies to stop this but very few mail servers use them. Currently Gmail refuses email from paypal.com unless it is signed by their key.

On Mon, Jan 18, 2010 at 15:35, M. Edward (Ed) Borasky <zzn...@gmail.com> wrote:
> > > > On Jan 18,...

--
Abraham Williams | Moved to Seattle | May cause email delays
Project | Intersect | http://intersect.labs.poseurtech.com
Hacker | http://abrah.am | http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
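An added example, not code from this thread or from Twitter, illustrating the point in the reply at the top of this message: in OAuth 1.0 HMAC-SHA1 signing the consumer key is a request parameter, while the consumer secret is only used as HMAC key material. The function names, credentials and endpoint URL are constructed for the illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # Signature base string: METHOD & encoded URL & encoded sorted parameters.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # The two secrets form the HMAC key; they never enter the parameter set.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_wire_params(method, url, params, creds, nonce, timestamp):
    # Everything returned here is what a proxy on the connection would see.
    wire = dict(params)
    wire.update(
        oauth_consumer_key=creds["consumer_key"],
        oauth_token=creds["token"],
        oauth_signature_method="HMAC-SHA1",
        oauth_nonce=nonce,
        oauth_timestamp=timestamp,
        oauth_version="1.0",
    )
    wire["oauth_signature"] = sign(
        method, url, wire, creds["consumer_secret"], creds["token_secret"])
    return wire

def verify(method, url, wire, consumer_secret, token_secret):
    # Server side: recompute over everything except the signature itself.
    unsigned = {k: v for k, v in wire.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(expected, wire.get("oauth_signature", ""))

# Constructed sample values: not real credentials, not a real endpoint.
CREDS = {"consumer_key": "constructed-consumer-key",
         "consumer_secret": "constructed-consumer-secret",
         "token": "constructed-access-token",
         "token_secret": "constructed-token-secret"}
URL = "https://api.example.com/1/statuses/update.json"
WIRE = build_wire_params("POST", URL, {"status": "hello world"},
                         CREDS, "constructed-nonce", "1263842280")

if __name__ == "__main__":
    for name, value in sorted(WIRE.items()):
        print(f"{name}={value}")
```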