When you store access tokens in the PHP file you really only have to worry
about your server configuration "leaking" the PHP file without compiling it
or someone getting terminal access to your server.

If someone is able to read the contents of your PHP file you can reset the
application key on http://dev.twitter.com/apps.

Abraham
-------------
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Wed, Aug 11, 2010 at 10:21, Skygazer <marc.bouc...@gmail.com> wrote:

> Using Abraham Williams twitteroauth library I used this base code to
> post Twitter. Is it that simple?
>
> Of course my app code is actually longer. I'm writing an app that
> takes new news stories posted to our web site and automatically tweets
> them.
>
> A question though: What's the best way to handle $access_key which is
> the oauth_token and $access_secret which is the oauth_token_secret?
> I've read they should not be readable in your php code.
>
> <?php
> $consumer_key = "12345";
> $consumer_secret = "6789";
> $access_key = "12345";
> $access_secret = "6789";
>
> require_once('twitteroauth/twitteroauth.php');
>
> $connection = new TwitterOAuth ($consumer_key ,$consumer_secret ,
> $access_key , $access_secret );
> $connection->post('statuses/update', array('status' => "my tweet"));
> ?>

Reply via email to