Well, I don't like that... Does anybody here think about user
experience? What is a rock-solid security model good for when nobody
uses it because it's just cumbersome? As always in life, trade-offs
need to be made. I could design a black box where nothing would ever
get in or out, but this box wouldn't be useful for anything...

Also I can't find the word "Browser" in "Twitter Client", and what's
so secure about the Browser anyway? There's no reason to trust it!
It's just another program, like the Twitter Client of your choice is
too. Or can you make Mozilla responsible if someone gets his Accounts
hacked while using Firefox? :P

PS: My client uses xAuth too, but I dismiss the password instantly
after the Request has been sent. I think that is a suitable
solution.


On Apr 27, 4:59 am, "M. Edward (Ed) Borasky" <zn...@comcast.net>
wrote:
> On 04/26/2010 05:16 PM, Cameron Kaiser wrote:
>
> >> xAuth is a method for which to exchange usernames and passwords for those
> >> tokens, without sending the user through the workflow.  this is for two
> >> reasons: 1. mobile/desktop application authors have complained that it makes
> >> their UX fugly when they bring up a web browser (i'll hold my opinions on
> >> this); and 2. web applications that have been storing usernames and
> >> passwords need a method to "bulk convert" all their users over to oauth
> >> tokens.
>
> > and 3. Browserless environments. I'm pretty sure that was one of the initial
> > motivators way back when the crud was flying.
>
> Yeah ... but I *like* having the browser involved.
>
> --
> M. Edward (Ed) Borasky
> borasky-research.net/m-edward-ed-borasky
>
> "A mathematician is a device for turning coffee into theorems." ~ Paul Erdős
>