On 25 June 2010 16:16, William Grant <[email protected]> wrote:
> The code of the basic write implementation is simple. However,
> difficulty arises when we consider that normal API applications probably
> shouldn't be able to touch other authentication tokens. It is intended
> that one should be able to stop a rogue application by simply revoking
> its OAuth token; if applications were permitted to add new SSH and
> OpenPGP keys, they could add backdoors that would not be closed using
> normal means.

Interesting point. And yet, if the upshot is that these programs simulate a browser instead, it becomes a bit like security through complication. You won't stop genuinely malicious apps this way, and by making it more complex you may increase the risk of things accidentally causing trouble. (For example someone is unlikely to call addGPGKey accidentally, but it's plausible they might accidentally scribble over something when pretending to be a browser.)

One thing we could do is send mail to the user's old address when a gpg or ssh key or email address is added.

We could have a separate OAuth privilege for "allowed to change account data".

-- 
Martin
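
Added example, not part of the original thread and not Launchpad code: a small model of the two mitigations proposed above, a separate token privilege for account-data changes and a notice mailed to the address on record before the change. The names `Token`, `Account`, `add_ssh_key`, `set_email` and the privilege strings are hypothetical, and the outbox list stands in for real mail delivery.

```python
from dataclasses import dataclass, field

# Hypothetical privilege names for this sketch, not Launchpad's real access levels.
WRITE = "write"
CHANGE_ACCOUNT_DATA = "change-account-data"

class Denied(Exception):
    pass

@dataclass
class Token:
    app: str
    scopes: frozenset
    revoked: bool = False

@dataclass
class Account:
    email: str
    ssh_keys: list = field(default_factory=list)
    outbox: list = field(default_factory=list)  # (recipient, text); stands in for mail

def _require_account_privilege(token):
    # Ordinary write tokens are not enough to touch authentication material.
    if token.revoked:
        raise Denied(f"{token.app}: token revoked")
    if CHANGE_ACCOUNT_DATA not in token.scopes:
        raise Denied(f"{token.app}: lacks {CHANGE_ACCOUNT_DATA}")

def add_ssh_key(account, token, key):
    _require_account_privilege(token)
    account.ssh_keys.append(key)
    account.outbox.append((account.email, f"{token.app} added SSH key {key}"))

def set_email(account, token, new_email):
    _require_account_privilege(token)
    old = account.email
    account.email = new_email
    # Mail the old address, so a hostile change cannot redirect its own notice.
    account.outbox.append((old, f"{token.app} changed email to {new_email}"))

if __name__ == "__main__":
    acct = Account("old@example.test")  # constructed sample data
    app = Token("key-manager", frozenset({WRITE, CHANGE_ACCOUNT_DATA}))
    add_ssh_key(acct, app, "ssh-ed25519 CONSTRUCTED-KEY")
    app.revoked = True
    # Revoking the token does not remove the key it added; the notice is
    # what tells the user there is something left to clean up.
    print(acct.ssh_keys, acct.outbox)
```
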

