Why not just distribute a key with it? The worst that happens is someone uses it in their app and it gets disabled and some people get pissed off at you. I have yet to hear of this happening to a Twitter application. If someone abuses your key and Twitter does not handle the situation well I will personally call Sarver to bitch. :-P
Abraham On Thu, Apr 15, 2010 at 02:09, John SJ Anderson <geneh...@gmail.com> wrote: > On Wed, Apr 14, 2010 at 18:26, Raffi Krikorian <ra...@twitter.com> wrote: > > yes, it could be a problem - however, there are known solutions to > > obfuscating and keeping your consumer key secret. not perfect, but > pretty > > good. maybe we can start a discussion around this? > > What's the known solution for an open-source Web-based application > that I want to distribute to the world[1]? "Make people get their own > key" is not an acceptable solution; neither is "proxy all requests > through your own web site and add the secret there". > > [1]: http://github.com/genehack/app-status-skein > > > john. > -- Abraham Williams | Developer for hire | http://abrah.am PoseurTech Labs | Projects | http://labs.poseurtech.com This email is: [ ] shareable [x] ask first [ ] private. -- To unsubscribe, reply using "remove me" as the subject.