I am developing an open source client for twitter. I would like to use the new xAuth authentication method, however my application is open source, which means that if I put the keys directly in the source file, this could be a vulnerability (am I right? Twitter support assistant told me).
On the other hand, entering the key directly into the binary also does not make sense. I am writing my application in python, so if I just put the pyc files in, it will take a few more seconds to get the keys, thanks to Python's excellent reflection capabilities. If I create a small .so file with keys, it is also trivial to get the key by looking at the source binary file (keys have a fixed length and character set).
What is your opinion? Is this an isolated hole for opening API keys?
Protective hole? In a broad sense, yes. In reality, however, these are not the nuclear launch codes we are talking about.
, , , - , - Twitter TOS, , . , ( ). 2 , .
, , , , , , . 100% , , n'er-do-wells.
Source: https://habr.com/ru/post/1745848/More articles:C # System.Xml.Serialization Nested Elements - c #Applying an iterative algorithm to a set of rows from a database - phpHow can I condense standalone characters in Perl? - regexTypedef naming for boost :: shared_ptr - c ++How to send a file using secure FTP protocol SSL - phpNew Objective C Developer Question - objective-cPHP Checking slave status without timeouts mysql_connect - phpРешение комбинационных проблем с LINQ/.NET4 - performanceActiveRecord attribute override - ruby | fooobar.comHow to create Global.asax in a Winform application? - WITH#/. NET - c #All Articles