> > yes, it could be a problem - however, there are known solutions to > > obfuscating and keeping your consumer key secret. __not perfect, but pretty > > good. __maybe we can start a discussion around this? > > What's the known solution for an open-source Web-based application > that I want to distribute to the world[1]? "Make people get their own > key" is not an acceptable solution; neither is "proxy all requests > through your own web site and add the secret there".
I had the same question and was very gratified to find out that Raffi is in fact working on this very problem with the next draft of oAuth. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- mouse, n: A device for pointing at the xterm in which you want to type. ---- -- To unsubscribe, reply using "remove me" as the subject.