On Sat, Feb 21, 2009 at 4:46 PM, jr conlin <[email protected]> wrote: > > I don't want to wave my hands at the problem, but the solution is going > to require more than just OAuth and Facebook. It's going to require > working with browser manufacturers to make sure that there's a reliable > way to indicate to users the host and URL they're connected to.
Agreed. Phishing is a social problem, not a technical one. There technological ways to help reduce phishing attacks, but as long as people can be tricked (i.e., forever) there will be phishing (and the more general term for phishing, fraud). > If I remember correctly (I don't have a mac so no iphone SDK for me) > it's possible to register a fake protocol which will allow you to jump > back into your app. Most of the Netflix iPhone apps do something like > this to do the auth. There is. Fire Eagle applications are also strongly recommended to do this, if not required. More information here: http://fireeagle.yahoo.net/developer/documentation/oauth_best_practice b. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
