Best Practices for REST Shared Secret Value

Question

I am using a REST API that uses oauth for authentication. When registering for the service I was given my API Consumer Key and my API Shared Secret. I've been simply hardcoding the Shared Secret into my Application code and compiling it.

Is this the best way to manage a Shared Secret? That is, are there any security implications? Should this be encrypted in some way? What are the best practices for managing this Shared Secret?

Answer 1

It depends a bit on where your code is running.

In your case a hacker would need to steal your dll, and read the key from the dll.

This is better than storing the key in a configuration file in plain text.

You could store the key ecrypted in a database, with the information about how to decrypt it in your dll. That way a hacker would have to both steal your dll and information from your database.