#1 - 2012/04/30 11:05:00 PMI'm slowly working on a desktop application, and I have this thought that has been nagging at the back of my mind for quite a while now. Is there any reason, or incentive, for me to want to use a key? With an almost 100% decentralized java program, connections to the API should never run into throttling issues unless a user gets, for lack of a better word, ambitious. In addition to that, it seems like it would be impossible for me to not share the authentication key with anyone*. To the best of my knowledge, Java can always be decompiled, as encrypted JAR files don't add much security. Obfuscation is reliable, but it only scrambles the code and doesn't protect the key beyond that.
It seems like the only reason (in my situation) to use an authentication key is so that Blizzard can gauge how many people are using this program. Am I missing something?
* EDIT: Obviously no program is safe from having hardcoded strings ripped from memory, but Java is noticeably weaker and would quite literally display the string without launching dbx/gdb/whatever.