Correct way to safely store token/secret/etc from OAuth?
Posted by viatropos on Stack Overflow
Published on 2010-05-03T21:48:57Z
I just started looking into OAuth and it looks really nice. I have OAuth with Twitter working in Ruby right now.
Now I'm wondering, what is the recommended safe way to store the responses in my local database and session?
- What should I store?
- Where should I store it?
This example twitter-oauth-with-rails app stores a user.id in the session, and the user table has the token and secret. But that seems like it'd be really easy to hack and get the secret by just passing in a slew of test user ids, no?
© Stack Overflow or respective owner
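
An added example, not part of the original question and not code from the twitter-oauth-with-rails app: one way to address the concern about substituted user ids is to carry the id in an HMAC-signed session value and keep the token and secret server-side only. The key, the USERS table and every helper name below are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed key for the demo; a real app loads its key from server-side configuration.
SESSION_KEY = "constructed-demo-key-do-not-reuse-0123456789abcdef"

# Serialize the session and append an HMAC-SHA256 tag so the client cannot alter it.
def sign_session(data, key = SESSION_KEY)
  payload = Base64.strict_encode64(JSON.generate(data))
  tag = OpenSSL::HMAC.hexdigest("SHA256", key, payload)
  "#{payload}--#{tag}"
end

# Constant-time comparison so the tag check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Return the session hash only if the tag verifies; otherwise nil.
def verify_session(cookie, key = SESSION_KEY)
  payload, tag = cookie.to_s.split("--", 2)
  return nil if payload.nil? || tag.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, payload)
  return nil unless secure_compare(expected, tag)
  JSON.parse(Base64.strict_decode64(payload))
rescue ArgumentError, JSON::ParserError
  nil
end

# Constructed user table: token and secret never leave the server, keyed by user id.
USERS = {
  1 => { token: "constructed-token-1", secret: "constructed-secret-1" },
  2 => { token: "constructed-token-2", secret: "constructed-secret-2" }
}

# Resolve credentials from a cookie; an altered or unsigned cookie resolves to nil.
def credentials_for(cookie)
  session = verify_session(cookie)
  session && USERS[session["user_id"]]
end

# Build the cookie a client would send after swapping the user id but reusing the old tag.
def with_user_id_swapped(cookie, new_id)
  _old_payload, tag = cookie.split("--", 2)
  payload = Base64.strict_encode64(JSON.generate({ "user_id" => new_id }))
  "#{payload}--#{tag}"
end
```

With this layout the browser only ever holds a signed user id, so a changed id fails verification before any database lookup happens.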