On Sat, Nov 7, 2009 at 9:46 PM, Cameron Kaiser <spec...@floodgap.com> wrote:
> > > By credentials, I meant the OAuth tokens, consumer keys, etc.
> >
> > Wouldn't they be visible to the browser/desktop-client? And hence, couldn't
> > they be copied and reused by somebody so determined?
>
> Not necessarily the tokens, but the consumer keys could be extracted. This is
> an acknowledged failing of OAuth, and has been discussed quite a bit here
> before (search the archives).

All I want to know is: Does Twitter have any policies against use of OAuth in these circumstances?

PS. Sorry if this is a repeat question. I searched the archives. There are 6800 results for "oauth" and 800 results for "oauth security". 700 results for "oauth browser". Just couldn't wade through all of them.

cheers,
--
Harshad RJ
http://hrj.wikidot.com