On 9/1/2010 7:01 PM, Julio Biason wrote:
On Wed, Sep 1, 2010 at 9:56 PM, John Meyer <john.l.me...@gmail.com> wrote:
And rendering the key useless to the spammer.

And to you. And your users.

That's the whole problem with it. Yes, one could simply strings(1) one
Mac app and probably retrieve the keys and spam the hell out of Twitter
with it. For the spammer, it doesn't matter if the key is revoked as
he could just get another one; the real problem appears to legit users
that follow all the guidelines and really contribute to the system.

The fact that open source apps distribute their keys makes them
"easy targets" for valid keys, but that doesn't mean that applications
that "protect" their keys are safer.

For the developer, safer can be argued. But I don't think you can argue the fact that for the end user a limited key that only lets an application post and read and can be revoked even if the application goes rogue isn't safer than one (i.e. the password) that lets them log into that user's account and change the password. That's what I think Twitter is saying when they say OAuth is safer. It is safer for the end user.





--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en
