Twitter xAuth vs open source
Posted
by Yorirou
on Stack Overflow
See other posts from Stack Overflow
or by Yorirou
Published on 2010-05-17T18:21:13Z
Indexed on
2010/05/17
18:40 UTC
Read the original article
Hit count: 313
Hi
I am developing an open source desktop twitter client. I would like to take advantage on the new xAuth authentication method, however my app is open source which means that if I put the keys directly into the source file, it may be a vulnerability (am I correct? The twitter support guy told me).
On the other hand, putting the key directly into a binary also doesn't make sense. I am writing my application in python, so if I just supply the pyc files, it is one more seconds to get the keys, thanks to the excellent reflection capatibilities of Python. If I create a small .so file with the keys, it is also trivial to obtain the key by looking at the raw binary (keys has fixed length and character set).
What is your opinion? Is it really a secutiry hole to expose the API keys?
© Stack Overflow or respective owner