> We just updated our Twitter plugin for WordPress to use the new OAuth
> API. Someone just asked if it was safe to store the consumer key and
> consumer secret in plain text (which it basically has to be as I
> understand it, since ultimately it needs to be sent to the server in a
> plain text form). I can't really think of a way that would work for
> all end users to protect the two. Ultimately I guess this means that
> someone could pretend to be our application if they wanted? Anyone
> have any thoughts on this or any possible workarounds?

Speaking from personal experience, Twitter will not allow you to have your consumer secret in plain text in (visible form in) your code. I am working with Raffi and Taylor on a solution for this with scripted apps where such a secret must be handled securely.

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * [email protected]
-- All I ask is a chance to prove money can't make me happy. ------------------
