
OAuth on mobile apps

Developers https://www.devze.com 2023-03-09 23:14 Source: Internet

I want to create an Android application that takes advantage of Facebook and Twitter. I was planning on using OAuth, but the more I think about it, the less confident I become in this being the best solution. My concern is with the Consumer Secret key, the one used to authenticate the application. I can safely store the Access Token's secret key because if that gets compromised the user just needs to reauthenticate and they have a new one; however, if the consumer secret gets compromised, my application as a whole gets compromised across all devices since it is app, not user, specific. This is fine for web apps since it is stored on a secure central server, but for mobile apps where it is installed on multiple devices it seems dangerous. I don't like the idea of having that consumer key sitting on a number of devices just waiting to be compromised. So, I guess my question is: should I be going with OAuth, or is there some other better method out there?


We use OAuth without any problems. Also see here:

http://blog.oauth.net/2009/04/22/acknowledgement-of-the-oauth-security-issue/

0
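An added example (not part of the original question or answer) of the OAuth 1.0a HMAC-SHA1 signing that the question's concern rests on: the signing key is the consumer secret joined to the token secret, so reissuing a token secret affects one user while replacing the consumer secret affects every installed copy. All secrets, the URL and the parameter values are constructed, and the URL is assumed to carry no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signing_key(consumer_secret, token_secret):
    # RFC 5849 section 3.4.2: the HMAC key is consumer secret + "&" + token secret.
    return f"{pct(consumer_secret)}&{pct(token_secret)}".encode()

def sign(method, url, params, consumer_secret, token_secret):
    # Base string: METHOD & encoded URL & encoded, sorted "k=v" parameter string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    mac = hmac.new(signing_key(consumer_secret, token_secret), base.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret):
    # Provider side: recompute with the secrets on record, compare in constant time.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def rotation_demo():
    # Constructed request and secrets, for illustration only.
    url = "https://api.example.test/1/statuses/update"
    params = {"oauth_consumer_key": "constructed-app-key", "oauth_token": "alice-token",
              "oauth_nonce": "n-0001", "oauth_timestamp": "1300000000",
              "oauth_signature_method": "HMAC-SHA1", "status": "hello world"}
    app_secret, alice_secret = "constructed-consumer-secret", "alice-token-secret-v1"
    sig = sign("POST", url, params, app_secret, alice_secret)
    return {
        "accepted": verify("POST", url, params, sig, app_secret, alice_secret),
        # Alice re-authorizes: only her token secret changes on the provider.
        "after_token_reissue": verify("POST", url, params, sig, app_secret, "alice-token-secret-v2"),
        # Consumer secret replaced: every installed copy fails until the app is updated.
        "after_consumer_rotation": verify("POST", url, params, sig, "rotated-consumer-secret", alice_secret),
    }

if __name__ == "__main__":
    print(rotation_demo())
```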
