On 01/30/2010 02:43 PM, Isaiah Carew wrote:
> So, in simple language:  Twitter's policy is that *every user* of
> *every open source client* register as a *new twitter application*?
> Or, have I misinterpreted something?  And if so, could you explain
> further what mean?

If that were the case, then it would be the requirement for all desktop
apps.  Open source just makes it easier to grab the key; if you stick
your keys in your Air or .NET app, they can still be grabbed.

Basically, if you're doing a desktop app (of any kind) with OAuth, there
is a risk that your consumer key will be misappropriated.  The OAuth
spec explicitly acknowledges this, stating that the consumer key/secret
is cannot necessarily be trusted to securely identify the consumer.

- Michael

mouse, n: A device for pointing at the xterm in which you want to type.
Confused by the strange files?  I cryptographically sign my messages.
For more information see <http://www.elehack.net/resources/gpg>.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to