On Tue, Feb 09, 2010 at 04:07:29PM -0800, Dewald Pretorius wrote:
> I don't see how Allow being the default can be a security issue.
Authorizing an app that you don't intend to has the potential to result
in significant harm - forged status updates, follow list vandalism, etc.
It *is* a security i
I don't see how Allow being the default can be a security issue. The
user is specifically sent to that page for the purpose of granting
access. Only a minuscule number of users will need to click the Deny
button.
But, I think you're right that the real issue is that the Deny button
is the first su
Making "Allow" a default on a security authorization page seems to be
asking for trouble later. At present the "Deny" button is of type
"submit". They can't use "reset" as that won't send anything back to
twitter (unless you add some sort of event via Jquery). "Deny"
doesn’t appear to be the def