Richard Wackerbarth writes: > Since we consider the user manager to be a part of the MM complex, > what have we gained by hiding the underlying credential from the > web interface?
Security. See the OAuth 2.0 spec (RFC 6749) which recommends (at SHOULD level) this practice. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9