On Fri, 2010-06-25 at 08:28 +0200, Didier Roche wrote: > Le vendredi 25 juin 2010 à 16:16 +1000, William Grant a écrit : > > The code of the basic write implementation is simple. However, > > difficulty arises when we consider that normal API applications probably > > shouldn't be able to touch other authentication tokens. It is intended > > that one should be able to stop a rogue application by simple revoking > > its OAuth token; if applications were permitted to add new SSH and > > OpenPGP keys, they could add backdoors that would not be closed using > > normal means. > > > > My point is that people are already able to do to that with > screenscrapping (see GoundControl for instance), I don't really > understand why exposing those to API is more or less a security issue > there when people click on "change everything". > Or do you mean that adding gpg or ssh key writable to API is opening > other backdoor than the site itself doesn't enable?
If I give an application my SSO email address and password, I expect them to be able to do anything at all. But applications aren't meant to request that information -- one reason is that it's a lot harder to revoke access granted that way, and those credentials have access to a lot more than just Launchpad. OAuth is meant to be a solution to this. I think perhaps an additional access mode which permits alteration of authentication tokens could work. We already need more flexibility in that area. _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
