search

flickr-downloadr / flickr-downloadr-gtk

A cross-platform desktop app, written in Mono that would download (all or selected) photos from your photostream in their selected size along with their description, title and tags.
https://flickrdownloadr.com/
MIT License
180 stars 41 forks source link

Secrets.cs missing #30

Closed xanathar closed 5 years ago

xanathar commented 8 years ago

I totally understand that Secrets.cs has the appkey and what not, and shouldn't be in the repo otherwise everybody can implement their own app and abuse the grants given to flickr-downloader. But:

1) I think a skeleton file (like the one below) should be included with a little instruction on how to ask the keys to flickr, otherwise forking gets a bit difficult :)

2) More important, ILSpy happily decompiles Secrets.cs from the binaries, so the current secrets are in the wild !

Skeleton of a Secrets.cs :

namespace FloydPink.Flickr.Downloadr.Bootstrap
{
    public static class Secrets
    {
        public const string SharedSecret = "";

        public const string ConsumerKey = "";

        public const string ConsumerSecret = "";
    }
}
floydpink commented 8 years ago

Thank you for the suggestions and I agree with your recommendations. Do you want to send me a pull request for 1 above?

And re. 2, the idea of not keeping the OAuth keys within source control is to make the barrier of getting to them a little higher (ILSpy, dotPeek etc.). Do you have any recommendations to keep them obfuscated even within the compiled IL binaries?

floydpink commented 5 years ago

See https://github.com/flickr-downloadr/flickr-downloadr-gtk/issues/82#issuecomment-436119409