On Friday 25 June 2010 at 16:16 +1000, William Grant wrote:
> The code of the basic write implementation is simple. However,
> difficulty arises when we consider that normal API applications probably
> shouldn't be able to touch other authentication tokens. It is intended
> that one should be able to stop a rogue application by simply revoking
> its OAuth token; if applications were permitted to add new SSH and
> OpenPGP keys, they could add backdoors that would not be closed using
> normal means.
>
My point is that people are already able to do that with screen scraping (see GroundControl for instance); I don't really understand why exposing those to the API is more or less of a security issue there when people click on "change everything". Or do you mean that making gpg or ssh keys writable through the API opens a backdoor that the site itself doesn't enable?

