On 25/02/2014 13:44, Alexander Farber wrote:
> And there was no way to store the OAuth "app secret" string on the server.
> And thus I know that my app is vulnerable (for impersonation of other
> users) and the ease of AIR decompilation doesn't help there.
> I think you keep insisting that it's possible to keep the secret part
> outside the app, because you haven't really implemented such an app from
> beginning to the end.
It's certainly possible for some applications because I've done it :-)
Are you using 'login with Facebook' or something in your app then?
By loading a browser frame from the AIR app etc.?
Tom