Sunir Shah wrote: > I have a stupid question. This is a great question.
> When I hit the authorization page, Flickr > claims it is a trusted Yahoo! application. How does Flickr know that? > Is it relying on the consumer key and secret? My impression is that > those could be compromised in a heartbeat. Or is it doing something > more clever? > > There is no known way to securely identify downloadable client applications, so another client application could also pretend to be the app. That being said, the auth UI clearly says that the user is being asked to authorize the Flickr for iPhone app, so users who see this screen would probably think it was strange if they were installing a different app. Allen --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
