If all they need is a better disclaimer I wouldn't dismiss it though. What kind of attack do you mean? The alternative is storing the username and password and I can't imagine that wouldn't be vulnerable? Unless you're talking about something on the twitter end?

- Zack

On May 11, 2009, at 5:47 PM, Julian Leviston wrote:

> I'm not so sure.
>
> I recently was on twitter, and I saw an oauth thing (user point of
> view) for some app, and my default reaction was to freak out and
> close the window - it didn't explain well enough that my password
> wasn't going to be sent through to the third party. I immediately
> felt like I had no idea of where my username and password might be
> given...
>
> Also, if you look through the twitter wiki's post comments, someone
> mentions server side scripting attack possibility. Isn't it a
> possibility?
>
> Julian.
>
> On 12/05/2009, at 3:05 AM, Zack Ham wrote:
>
>> Good call, OAuth is definitely the right way to do this now.
>>
>> My simple solution is applicable if the original poster doesn't
>> care and has no interest in changing things (they said they already
>> are accepting usernames and passwords).
>>
>> - Zack
>>
>>
>> On May 11, 2009, at 9:38 AM, Timothy Caraballo wrote:
>>
>>> Wouldn't it be better to use Twitter's OAuth API at this point?
>>> http://apiwiki.twitter.com/OAuth+Example+-+Ruby
>>>
>>>
>>>> On May 11, 2009 12:32 PM, "Zack Ham" <[email protected]> wrote:
>>>>
>>>>
>>>> Here's a simple example that does this using the HTTParty gem:
>>>>
>>>> In your controller to post the tweet:
>>>>
>>>>   twitter = Twitter.new(username, password)
>>>>   twitter.post(message)
>>>>
>>>> And here is the Twitter class:
>>>>
>>>>   require 'httparty'
>>>>   class Twitter
>>>>     include HTTParty
>>>>     base_uri 'twitter.com'
>>>>
>>>>     def initialize(u=nil, p=nil)
>>>>       @auth = {:username => u, :password => p} unless u.nil? || p.nil?
>>>>     end
>>>>
>>>>     def post(text)
>>>>       self.class.basic_auth @auth[:username], @auth[:password]
>>>>       self.class.post('/statuses/update.json', :query => {:status => text})
>>>>     end
>>>>   end
>>>>
>>>> On May 11, 2009, at 5:55 AM, cool wrote:
>>>> >
>>>> > Guys,
>>>> >
>>>> > I need a help very badly in this issue...
