我正在使用Dropbox API.在示例应用程序中,它包括以下行:
// Replace this with your consumer key and secret assigned by Dropbox.
// Note that this is a really insecure way to do this, and you shouldn't
// ship code which contains your key & secret in such an obvious way.
// Obfuscation is good.
final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE";
final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE";
我很清楚口头'秘密不是安全',混淆真的只会略微增加提取密钥所需的工作量.我不同意他们的声明'Obfustication is good'.那我该怎么做才能保护钥匙呢?obutustication 足够好,还是应该考虑更精细的东西?