I'm slowly working on a desktop application, and I have this thought that has been nagging at the back of my mind for quite a while now. Is there any reason, or incentive, for me to want to use a key? With an almost 100% decentralized java program, connections to the API should never run into throttling issues unless a user gets, for lack of a better word, ambitious. In addition to that, it seems like it would be impossible for me to not share the authentication key with anyone*. To the best of my knowledge, Java can always be decompiled, as encrypted JAR files don't add much security. Obfuscation is reliable, but it only scrambles the code and doesn't protect the key beyond that.
It seems like the only reason (in my situation) to use an authentication key is so that Blizzard can gauge how many people are using this program. Am I missing something?
* EDIT: Obviously no program is safe from having hardcoded strings ripped from memory, but Java is noticeably weaker and would quite literally display the string without launching dbx/gdb/whatever.
http://us.battle.net/wow/en/forum/topic/3280532771#4 That first link is talking about web apps that live on multiple machines. You should not bother getting a key for your desktop app. It's unlikely any one user needs more than the daily limit. The other problem with getting a key for an app like this, if ONE of your users abuses the daily request limit we don't want to shut off all of your users. It's much simpler without a key in this case :) |