There is no way to prevent basic auth apps (web or desktop) from taking over your account or performing username/password changes. They have your username and password and can just log into the web interface.
-- Little androids dreaming of Nexus Ones compiled this text. On Apr 26, 2010 10:56 PM, "Ron B" <rbther...@gmail.com> wrote: Unless I'm wrong (it happens), I believe you can do everything the API offers with OAuth that you can currently do with basic auth. But even if that isn't true, preventing basic auth from allowing username/ password changes is a much more direct solution (and easier) than forcing an OAuth implementation to solve that issue. Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be who you think it is... On Apr 26, 7:49 pm, philip crawford <philipha...@gmail.com> wrote: > With a users twitter password,... > On Mon, Apr 26, 2010 at 7:43 PM, Ron B <rbther...@gmail.com> wrote: > > Where end-user credentials... > An Experiment in Local Professional Networkinghttp:// madison.imby.info/p/Philip.Crawford -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en