bdeter
Jul 28, 2010, 7:25:01 PM
to Grackle Development
This is not strictly a Grackle question, but I'm using it and finally
getting around to switching to OAUTH, so I thought I'd start here.
I've got a single-user OAUTH scenario - I use my own account to make
various Twitter API calls so don't need to store users' OAUTH
information (yet). I'm using Sinatra with no database. I'm wondering
what is the best (or an adequate) way to protect my application
OAUTH secrets - the consumer secret and token secret. I don't like the
idea of all four pieces sitting there in my .rb file and Twitter
recommends against that.
I've thought about setting them as environment variables in my Apache/
Passenger configuration or storing them in a read-only file on the
server. At least that way they wouldn't be checked into GitHub (it's a
private repo, but still...). Any other ideas?
Is there any point to encrypting them since I need two-way and if
someone gets access to the server, they'll have everything they need
to decrypt anyway?
Mostly unrelated, but in testing, I noticed that I can leave blank or
put in any value for 3 of the 4 OAUTH parameters. As long as the token
secret is right, Twitter accepts it. Anyone else experience that?
Thanks!
Brian
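
An added example, not part of the original post: one way to combine the two options raised above, reading the four OAuth values from environment variables and falling back to a secrets file kept outside the repository, which is rejected if group or other users can access it. The `TWITTER_*` variable names, the YAML file layout and the function names are assumptions made for this sketch.

```ruby
require 'yaml'

# The four OAuth values the post refers to.
OAUTH_KEYS = %w[consumer_key consumer_secret token token_secret].freeze

class CredentialError < StandardError; end

# Refuse a secrets file that group or other users can read, write or execute.
def check_file_mode!(path)
  mode = File.stat(path).mode & 0o777
  return if (mode & 0o077).zero?
  raise CredentialError,
        format('%s has mode %04o; expected 0400 or 0600', path, mode)
end

# Environment variables win; the file only fills in values that are absent.
# Variable names (TWITTER_CONSUMER_KEY, ...) are assumed, not a standard.
def load_oauth_credentials(env: ENV, file: nil)
  creds = OAUTH_KEYS.each_with_object({}) do |key, found|
    value = env["TWITTER_#{key.upcase}"]
    found[key] = value unless value.nil? || value.empty?
  end

  if creds.size < OAUTH_KEYS.size && file && File.file?(file)
    check_file_mode!(file)
    data = YAML.safe_load(File.read(file))
    data = {} unless data.is_a?(Hash)
    OAUTH_KEYS.each do |key|
      creds[key] ||= data[key].to_s unless data[key].to_s.empty?
    end
  end

  # Fail at startup rather than on the first API call.
  missing = OAUTH_KEYS - creds.keys
  unless missing.empty?
    raise CredentialError, "missing OAuth values: #{missing.join(', ')}"
  end

  # Symbol keys plus :type => :oauth, ready to pass as an auth options hash.
  creds.transform_keys(&:to_sym).merge(type: :oauth)
end
```

Calling `load_oauth_credentials(file: '/path/outside/repo/oauth.yml')` once at application start keeps the values out of the `.rb` source and out of version control; the path shown is a placeholder.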