On Thu, Feb 5, 2009 at 7:52 PM, funkatron <funkat...@gmail.com> wrote:
> > > > On Feb 5, 10:38 pm, James Deville <james.devi...@gmail.com> wrote: > > Flickr doesn't seem to have a problem with the OAuth formula, so why are > > people thinking twitter will? > > I'm not sure people have said Twitter would have a problem. I've > personally expressed some problems specific to applications I > develop. Much of what I said would apply to desktop apps for Flickr > too, but Flickr has never offered anything but OAuth (AFAIK). > I thought I had read that concern earlier in the thread. > > > In addition, part of the concern I would have with Basic Auth is the > > plaintext password. Sure, it's Base64 encoded, but that's not encryption, > > that's just saving bandwidth. If twitter wanted to move to a different > auth > > scheme, that might work. Or they could add ssl to the API front end, and > use > > HTTPS, which is also expensive (either expensive SSL-offloading proxies, > or > > you have to lock a session to a server). I don't think Twitter should > keep a > > Basic Auth service. It just wouldn't be worth the risk to me. > > SSL has been available in the API for as long as I recall, and is in > fact officially recommended, AFAIK. > Didn't realize that... (Off to the editor...) > > -- > Ed Finkler > http://funkatron.com > AIM: funka7ron > ICQ: 3922133 > Skype: funka7ron >
