Asking developers to make reasonable efforts to keep their private keys private and not embed them in open source projects.
I thought we would have a little poll here this week. How do you keep your client id and secret secure? I have come up with a few options myself. I was wondering what do you think which is the best option?
- In a windows application we could place the values in the config file same can be said for a web.config.
- What about using constants in our project?
- What about references in the project?
- Do you have a better option?
Google gives us the JSon file as well which contains all the information about our project. How can you keep this file secure as well?
This is a very important issue and I would really love some feedback. Please feel free to leave some comments about how you keep your client id secure.
Next week I will create another post we can look at the results of the poll, and see if we have come to any concision between us.