Twitter xAuth vs open source

Posted by Yorirou on Stack Overflow See other posts from Stack Overflow or by Yorirou
Published on 2010-05-17T18:21:13Z Indexed on 2010/05/17 18:40 UTC
Read the original article Hit count: 313

Filed under:
|
|
|

Hi

I am developing an open source desktop twitter client. I would like to take advantage on the new xAuth authentication method, however my app is open source which means that if I put the keys directly into the source file, it may be a vulnerability (am I correct? The twitter support guy told me).

On the other hand, putting the key directly into a binary also doesn't make sense. I am writing my application in python, so if I just supply the pyc files, it is one more seconds to get the keys, thanks to the excellent reflection capatibilities of Python. If I create a small .so file with the keys, it is also trivial to obtain the key by looking at the raw binary (keys has fixed length and character set).

What is your opinion? Is it really a secutiry hole to expose the API keys?

© Stack Overflow or respective owner

Related posts about open-source

Related posts about twitter