You introduced a breaking change into the API with no warning and no
help for developers as to the specifics of what we need to fix?
Developers need better support than that.

Is there some reason why posting updates to some accounts would work
and posting to others would not?  Using the same code, I'm able to
post to my development test account but not to my personal account.



On Jul 27, 10:59 pm, Doug Williams <d...@twitter.com> wrote:
> As stated above, some applications were sending invalid signatures which we
> were accepting as valid. This vulnerability was pointed out by a developer.
>
> Some libraries and code which may have previously worked may be broken by
> this security fix.
>
> Thanks,
> Doug
>
> On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands 
> <duane.roela...@gmail.com>wrote:
>
>
>
>
>
> > I am receiving 401 (Unauthorized) when calling
> >http://twitter.com/statuses/update.xml
> > and passing the following querystring:
>
> > oauth_consumer_key=[removed]
> > &oauth_nonce=912352&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1248748647&oauth_token=19068738-
> > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This
> > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d
>
> > This code was working this afternoon and has not been changed.
>
> > On Jul 27, 10:38 pm, goodtest <goodtest...@gmail.com> wrote:
> > > Are we sure there is no further regression bug in this new fix?
>
> > > On Jul 27, 7:14 pm, Doug Williams <d...@twitter.com> wrote:
>
> > > > If you are still seeing errors you should check your code to ensure
> > that you
> > > > are sending the correct signature.
> > > > Thanks,
> > > > Doug
>
> > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich <winric...@gmail.com> wrote:
>
> > > > > mine broke too. i wonder though, i'm using the oauth python libraries
>
> > > > > On Jul 27, 6:35 pm, chinaski007 <chinaski...@gmail.com> wrote:
> > > > > > Doug:
>
> > > > > > Does this mean that Marcel made a fix for this?  Or rather that we
> > > > > > should examine our code to find the culprit?
>
> > > > > > Thanks,
> > > > > > Peter Bray
>
> > > > > > On Jul 27, 6:24 pm, Doug Williams <d...@twitter.com> wrote:
>
> > > > > > > Updating you guys on this problem. A bug was reported off list
> > that
> > > > > informed
> > > > > > > us we were not always verifying signatures. Today we shipped a
> > fix for
> > > > > this
> > > > > > > problem which ensures that we are correctly verifying signatures.
> > > > > > > If you are still seeing invalid signature errors you should
> > examine
> > > > > > > your code and ensure you are correctly signing requests
> > > > > > > as per the spec.
> > > > > > > Thanks,
> > > > > > > Doug
>
> > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams <d...@twitter.com
>
> > > > > wrote:
> > > > > > > > Marcel is shipping a fix for this as I type.
>
> > > > > > > > Thanks,
> > > > > > > > Doug
>
> > > > > > > > 2009/7/27 João Pereira <joaomiguel.pere...@gmail.com>
>
> > > > > > > > Same here.
>
> > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest <
> > goodtest...@gmail.com>
> > > > > wrote:
>
> > > > > > > >>> twitter api server seems to be down (getting invalid
> > signature)
> > > > > since
> > > > > > > >>> 5.15 pm pst

Reply via email to