Twitter’s API keys and secrets leaked to the web
It would seem that Twitter has a bit of a problem on its hands, as it came out today that the data used by its official Twitter apps (and other third-party clients), which is supposed to be "secure", has in fact hit the web.
When any of Twitter's official apps are used, part of the communication between the app and the service involves what are called API keys, along with a "secret" hash key that is supposed to tell Twitter that it is okay to let the app have access to the data being requested.
Well, it turns out that those API keys and 'secrets' for the official Twitter apps have been leaked to the web. As embarrassing as that might be, the fact is that anyone with a knowledge of how OAuth works will be able to figure out where to look for those keys.
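Why a secret that ships inside a client cannot tell the service which app is calling, shown as an added example that is not from the original article. It assumes OAuth 1.0a HMAC-SHA1 signing (RFC 5849); the host name and all key, token and nonce values are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6 encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode every parameter, sort by name then value, join, then encode again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key is the app's consumer secret joined with the user's token secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def server_accepts(request, signature, registered_secret, token_secret):
    # All the service can check is that the signature matches the secret it has
    # on file for this consumer key; nothing identifies the program that signed.
    expected = sign(*request, registered_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed placeholder values (assumptions, not real credentials or endpoints).
APP_SECRET, ROTATED_SECRET = "example-consumer-secret", "example-rotated-secret"
TOKEN_SECRET = "example-token-secret"
REQUEST = ("POST", "https://api.example.test/statuses/update.json", {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_token": "example-user-token",
    "oauth_nonce": "c29tZW5vbmNl",
    "oauth_timestamp": "1362700000",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
    "status": "hello world",
})

def demo():
    sig = sign(*REQUEST, APP_SECRET, TOKEN_SECRET)  # same value from any holder
    return {
        "accepted_before_rotation": server_accepts(REQUEST, sig, APP_SECRET, TOKEN_SECRET),
        "accepted_after_rotation": server_accepts(REQUEST, sig, ROTATED_SECRET, TOKEN_SECRET),
    }
```

Calling `demo()` shows the signature verifying against the registered secret and failing once the service rotates that secret, which is the reset the article refers to.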
This becomes a rather big problem not only because Twitter will have to reset its keys and secrets, but because third-party clients could presumably use the "outed" keys and secrets to get around Twitter’s imposed restrictions. This, of course, would lead right into an ongoing cat-and-mouse game between Twitter and developers, as the company would constantly have to change its API keys and secrets.
However, there is one alternative that no one really wants to talk about, and that is that Twitter could just say screw it and shut down developer access to its API, a sort of nuclear bomb approach.
Needless to say, there are possibly more than a few Twitter client developers waiting with bated breath to see what Twitter's reaction is going to be in the long run.
via The Next Web