That's not all that secure, eventually it will be loaded into memory
and can be found by any hacker with some patience. As soon as you
distribute any sort of data it is no longer private. You're average
Joe might not be able to find it, but any skilled hacker will. And
after all the average Joe does not care anyways about OAuth tokens
("what's oauth?"), but hackers do. So you're kind of blocking the
wrong person, it's the hacker you want to stop.
On Sun, Jan 31, 2010 at 2:28 AM, <scott.a.herb...@googlemail.com> wrote:
> I 100% agree.
> But another idea just struck me, why not put the OAuth part of your app in a
> DLL (at lest the authentication and communication with twitter part) and hard
> code it their.
> You lose some of the open source nature of the app but it will be secure.
> Sent using BlackBerry® from Orange
> -----Original Message-----
> From: Cameron Kaiser <spec...@floodgap.com>
> Date: Sat, 30 Jan 2010 23:02:18
> To: <email@example.com>
> Subject: Re: [twitter-dev] Re: a security problem puzzled me about using oauth
> in Desktop Client
>> OAuth as-is just wasn't designed for desktop apps, period. Square peg,
>> round hole. If Twitter is insisting on it, I'd rather this was
>> portrayed as a trade-off for increased user security, than a solvable
>> problem -- I don't think it is.
> ------------------------------------ personal: http://www.cameronkaiser.com/
> Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
> -- "I'd love to go out with you, but I'm in perpetual denial."