Hmmm. Flickr is a service provider but if a consumer(developer) like Tweetdeck were to implement oauth and if they distribute keys there is always this problem of misusing those and the very first thing twitter would do is ban that application. Flickr can share it, but developers? i do not know .
On Mon, Feb 1, 2010 at 12:49 AM, Abraham Williams <4bra...@gmail.com> wrote: > I would like to point out the official Flickr Uploadr application that is > OAuth and open source. If you download it as a user [1] it includes their > official API keys but if you download it as a developer [2] you implement > your own API keys. > > Ironically all of these massive threads talking about impersonating > applications is probably just making more crackers aware that they can do > this. :-/ > > Abraham > > [1] http://www.flickr.com/tools/uploadr/ > [2] http://code.flickr.com/trac/browser/trunk/uploadr/README.osx#L76 > > On Sun, Jan 31, 2010 at 10:06, Josh Roesslein <jroessl...@gmail.com>wrote: > >> That's not all that secure, eventually it will be loaded into memory >> and can be found by any hacker with some patience. As soon as you >> distribute any sort of data it is no longer private. You're average >> Joe might not be able to find it, but any skilled hacker will. And >> after all the average Joe does not care anyways about OAuth tokens >> ("what's oauth?"), but hackers do. So you're kind of blocking the >> wrong person, it's the hacker you want to stop. >> >> Josh >> >> On Sun, Jan 31, 2010 at 2:28 AM, <scott.a.herb...@googlemail.com> wrote: >> > I 100% agree. >> > >> > But another idea just struck me, why not put the OAuth part of your app >> in a DLL (at lest the authentication and communication with twitter part) >> and hard code it their. >> > >> > You lose some of the open source nature of the app but it will be >> secure. >> > >> > Sent using BlackBerry® from Orange >> > >> > -----Original Message----- >> > From: Cameron Kaiser <spec...@floodgap.com> >> > Date: Sat, 30 Jan 2010 23:02:18 >> > To: <twitter-development-talk@googlegroups.com> >> > Subject: Re: [twitter-dev] Re: a security problem puzzled me about using >> oauth >> > in Desktop Client >> > >> >> OAuth as-is just wasn't designed for desktop apps, period. Square peg, >> >> round hole. If Twitter is insisting on it, I'd rather this was >> >> portrayed as a trade-off for increased user security, than a solvable >> >> problem -- I don't think it is. >> > >> > +1 >> > >> > -- >> > ------------------------------------ personal: >> http://www.cameronkaiser.com/ -- >> > Cameron Kaiser * Floodgap Systems * www.floodgap.com * >> ckai...@floodgap.com >> > -- "I'd love to go out with you, but I'm in perpetual denial." >> ---------------- >> > >> > > > > -- > Abraham Williams | Community Advocate | http://abrah.am > Project | Out Loud | http://outloud.labs.poseurtech.com > This email is: [ ] shareable [x] ask first [ ] private. > Sent from Seattle, WA, United States >
