On Sun, Jan 4, 2009 at 5:53 PM, Ed Finkler <funkat...@gmail.com> wrote:
> OAuth may have mitigated (not blocked) *one* particular worm that was > sending messages directing people to a phishing site. And yes, > removing everyone's shoes does stop the shoe bombing attack. Whether > or not this actually makes you *safer* is something we should very > carefully consider. Personally, I'd say it helps, but only a little -- > far less than most of our Thought Leaders claim. > > -- > Ed Finkler > http://funkatron.com > AIM: funka7ron > ICQ: 3922133 > Skype: funka7ron > So what do *you* recommend Ed (that goes for everyone that is criticizing OAuth, including Alex)? I see a lot of criticism against OAuth, but I see no suggestions for a solution. Right now, I think it's a step in the right direction - I see a lot of theories here, but not a lot of urgency to fix the problem. As I said, I don't care what the solution is - I just need something, other than requiring my users to enter their plain text usernames and passwords. There's huge urgency here - what's the solution to the problem? Jesse