I've actually just noticed that Twitter itself uses Basic Auth:

http://apiwiki.twitter.com/Authentication

It says OAuth is in development, but that Basic Auth won't be going
anywhere for the foreseeable future.

The trouble is, Basic Auth is insecure:

http://en.wikipedia.org/wiki/Basic_access_authentication

"Although the scheme is easily implemented, it relies on the
assumption that the connection between the client and server computers
is secure and can be trusted. Specifically, the credentials are passed
as plaintext and could be intercepted easily. The scheme also provides
no protection for the information passed back from the server."

I am going to look around at other public web APIs, but if a site as
large as Twitter is content to use this system, should I be all that
worried?

I would really like to know what experienced web programmers do here,
either in GAE+GWT, or just generally.

Cheers,
Shane

On Jun 10, 1:02 am, Shane <[email protected]> wrote:
> I've seen some pretty heated debates around the discussion boards
> about this, but I haven't seen a solution that people decide on.
>
> Simply put, any application that I want to write will likely perform
> some sort of mashup between other services, like Twitter.
>
> For me to do anything interesting, I need the user to enter their
> Twitter username and password into a GWT client-side control on my
> site, which I then send back to my app running on GAE.  I'll then
> use the password to log into Twitter with their credentials and do
> whatever it is I want to do, all the while not saving the user's
> password in plain text anywhere.  I have no interest in holding onto
> anyone's credentials.
>
> So what is the best way for me to do this?  I am hearing people say
> that anything short of HTTPS is a waste of time.
>
> I guess this also becomes the larger issue of authentication
> generally, and I'm surprised there are still such heated discussions
> on the subject.  I thought it'd be a done deal by now.
>
> So, if anyone could point me in the right direction, in the context of
> GWT+GAE, I'd much appreciate it.
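
The point of the Wikipedia passage quoted in the message above, as an added example that is not part of the original post: a Basic Auth header is only base64 of `user:password`, so anyone who can read a plain-HTTP request reads the credentials, and a server can at least refuse Basic credentials that did not arrive over HTTPS. The sample request, host name, credentials and function names are constructed for illustration; the guard assumes a WSGI-style `environ` dictionary.

```python
import base64
import binascii

def decode_basic(header_value):
    """Decode 'Basic <base64(user:password)>' into (user, password), else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")  # the password may itself contain ':'
    return (user, password) if sep else None

def credentials_on_the_wire(raw_request):
    """What anyone able to read this request's bytes recovers from its headers."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization":
            return decode_basic(value)
    return None

def check_basic_auth(environ):
    """Server-side guard (assumed WSGI environ): take Basic credentials only over HTTPS."""
    creds = decode_basic(environ.get("HTTP_AUTHORIZATION", ""))
    if creds is None:
        return 401, None
    if environ.get("wsgi.url_scheme") != "https":
        # Too late to protect this password (it already crossed the network in
        # the clear), but rejecting stops clients from relying on plain HTTP.
        return 403, None
    return 200, creds[0]

# Constructed sample data (not captured traffic); user and password are made up.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret:pw").decode("ascii")
SAMPLE_REQUEST = (b"GET /timeline HTTP/1.1\r\n"
                  b"Host: api.example.test\r\n"
                  b"Authorization: " + SAMPLE_HEADER.encode("ascii") + b"\r\n\r\n")

if __name__ == "__main__":
    print(credentials_on_the_wire(SAMPLE_REQUEST))
    print(check_basic_auth({"HTTP_AUTHORIZATION": SAMPLE_HEADER,
                            "wsgi.url_scheme": "http"}))
```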