Another advantage is that if a third party application's database is
breached, all of the stored usernames and passwords would be exposed.
If the third party application was using oauth, the access token and
secret pairs are only useable if the consumer key/secret pair are
found and these can be e
The advantage to the end user of oAuth is that the client application
doesn't need the user's password anymore, the user's passwords are exchanged
ONLY with twitter, and cannot be sniffed/stored/whatever by the client
application. There is a very strong security advantage.
On Mon, May 18, 2009 at
Hi,
I was generally sceptical about it, but from an application management point
of view I no longer have to manage the users account (from the point of view
of expired passwords etc - this was a major hassle for me, if a users
password expires, they are not making use of my services), the other p
On 5/18/09 2:43 PM, Andrew Badera wrote:
The advantage is in user and service security ... I'd think that was
obvious. What is your problem with it? What "costs" do you see? OAuth
is easy.
Thanks-
- Andy Badera
- and...@badera.us
- Google me: http://www.google.com/search?q=andrew+badera
- This
On 5/18/09 10:30 AM, H.Hiro(Maraigue) wrote:
Client softwares must know end-users'(i.e. account holders') login
names and passwords, so I think there aren't more advantage of using
OAuth than basic-auth.
Actually, that's the ENTIRE POINT OF OAuth! No one, other than Twitter
needs to know an
The advantage is in user and service security ... I'd think that was
obvious. What is your problem with it? What "costs" do you see? OAuth
is easy.
Thanks-
- Andy Badera
- and...@badera.us
- Google me: http://www.google.com/search?q=andrew+badera
- This email is: [ ] bloggable [x] ask first [ ] p