A way to store sensitive data to disk, without (serious) fear of user tampering?

I'm writing an application that connects to twitter and uses the OAuth API, my issue is with storing the consumer_key and the consumer_key_secret

How can I safely store these values so they're difficult for the user to get to but still have ab开发者_JS百科ility to use them within my application?

I've had storing them within a pyc and encrypting them as suggestions so far, but I'm open to any other ideas.

An alternative to DRM (which is what you are describing) is to proxy the secured interaction through a server application on your own, controlled machine. Since you're using OAuth, you can use the same authentication credentials against your own server as you would connecting directly to twitter.

The advantage to this approach is that there is no private key disclosure; you don't share your private key with your consumers, since that's stored on a remote server that they cannot read, and your consumers don't share their passwords with you (instead, they get an OAuth token which ties that particular login to your specific service).

I apologize if I am missing something, but what is wrong with xAuth? This seems like the perfect use case for it. Your application would utilize (and therefore store) a consumer key (oauth_consumer_key) and there is no way around that: You must have something that uniquely identifies your app. You get the credentials from the user, pass these along and receive back oauth_token and oauth_token_secret to allow you to make calls on the user's behalf.