I just got my Twitter OAuth token (OAuth 1.0a), so before I store it in a database, I have this question: do I need to encrypt it?

A similar question was posted here.

And the answer said:

So, getting just the user's access_token from your database won't help much if they don't also have the consumer_key and consumer_secret for complete access.

The service provider compares all 4 parameters on request. It would be smart to encrypt these 4 parameters before storage and decrypt them before response.

If the hacker can't do anything with only the OAuth token, then why would I encrypt it?

As far as I can see, if the hacker can get my consumer key with the OAuth token, he will also get my encryption key stored on the server running the application.

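The signing step behind the quoted claim that the provider checks all four values, as an added example that is not part of the original post: in OAuth 1.0a with HMAC-SHA1 (RFC 5849), the signing key is the consumer secret and the token secret joined together, so a signature made without either one fails verification. All keys, secrets and the URL below are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(s, safe="-._~")

def signature(method, url, params, consumer_secret, token_secret):
    # Signature base string: METHOD & encoded URL & encoded sorted parameters
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # Signing key: both secrets, joined by "&" (RFC 5849 section 3.4.2)
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Constructed sample values, not real credentials or a real endpoint
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-token-secret"
URL = "https://api.example.com/1.1/statuses/update.json"
PARAMS = {
    "oauth_consumer_key": "constructed-consumer-key",
    "oauth_token": "constructed-access-token",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_nonce": "constructednonce",
    "oauth_version": "1.0",
    "status": "hello world",
}

def provider_accepts(presented):
    # The provider recomputes the signature from its own copy of both secrets
    expected = signature("POST", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    return hmac.compare_digest(presented, expected)

if __name__ == "__main__":
    full = signature("POST", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    no_consumer = signature("POST", URL, PARAMS, "", TOKEN_SECRET)
    no_token = signature("POST", URL, PARAMS, CONSUMER_SECRET, "")
    for label, sig in [("both secrets", full),
                       ("token secret only", no_consumer),
                       ("consumer secret only", no_token)]:
        print(f"{label:22} accepted={provider_accepts(sig)}")
```

The same construction shows what a stored record protects: the token and token secret in the database are half of the signing key, and the consumer secret held by the application is the other half.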