Closed xanathar closed 5 years ago
Thank you for the suggestions and I agree with your recommendations. Do you want to send me a pull request for 1 above?
And re. 2, the idea of not keeping the OAuth keys within source control is to make the barrier of getting to them a little higher (ILSpy, dotPeek etc.). Do you have any recommendations to keep them obfuscated even within the compiled IL binaries?
I totally understand that Secrets.cs has the appkey and what not, and shouldn't be in the repo otherwise everybody can implement their own app and abuse the grants given to flickr-downloader. But:
1) I think a skeleton file (like the one below) should be included with a little instruction on how to ask the keys to flickr, otherwise forking gets a bit difficult :)
2) More important, ILSpy happily decompiles Secrets.cs from the binaries, so the current secrets are in the wild !
Skeleton of a Secrets.cs :