All geek questions in one place

How to keep OAuth secret settings?

After creating my Twitter app , the following warning was displayed:

OAuth Settings

OAuth application settings. Keep the "Consumer Secret" secret. This key should never be read by a person in your application.

How can I keep the secret "Consumer Secret"?

Twitter_test.php (source: Jimbo )

// Set access tokens here $settings = array( 'oauth_access_token' => "My Oauth Access Token", 'oauth_access_token_secret' => "My Oauth Access Token Secret", 'consumer_key' => "My Consumer Key", 'consumer_secret' => "My Consumer Secret" ); $url = 'https://api.twitter.com/1.1/followers/ids.json'; $getfield = '?username=somename'; $requestMethod = 'GET'; $twitter = new TwitterAPIExchange($settings); echo $twitter->setGetfield($getfield) ->buildOauth($url, $requestMethod) ->performRequest(); ?>

TwitterAPIExchange (source: twitter-api-php )

+4
source share
3 answers

I would create a library integrated with Twitter Api and save the data in the configuration file in application / config / , as indicated in this link.

To like Twitter, just analyze:

 $this->load->library('encrypt'); echo $this->encrypt->encode('your given secret here');

Take the output, save it inside the configuration file and when you extract it:

 $this->load->library('encrypt'); $str_secret = $this->encrypt->decode($config['secret']);
  • Encryption
    -Do not forget to set the key as described in this link.

Please note that they require you to do this for maximum security if someone gains control of your ftp or similar. However, if it can be decoded, it can be read. This is not a final decision, but simply a more reliable one.

+3
source

You can save the user's secret in the database in serialization format, and not perform arithmetic during extraction and use it.

+3
source

consumer_secret is the secret key given by twitter when you subscribe to apis. You can keep it safe by placing the twitter code in your library or any of them as such a folder and make sure that the folder is not directly accessible using the browser URL.

For example, if you put twitter config.php in the lib folder, then it should not be accessible, like this

www.somedomain.com/lib/config.php

+1
source

Source: https://habr.com/ru/post/1479509/

More articles:


All Articles