On Jan 7, 5:12 pm, "Chad Etzel" <[email protected]> wrote:
> [CBE] That may be, but I am now curious as to the fate of the twitter > password I entered to your site to test it out... mysql> delete from passes where nick = 'chazzyjad'; Query OK, 1 row affected (0.00 sec) I didn't mean to not-answer your encryption question! I guess I shouldn't be surprised about suspicion of a new service (and personality), given twply's recent shenanigans. But if you look at the technical aspects, it should be clear that i'm not talking about another me-too service like Twitterrank, instead it's an actual security & architectural innovation for the Twitter API ecosystem. One that will allow users to "try out" services much more safely, and to have total control over how services use their account. > [CBE] Ah, makes sense, tho not immediately intuitive.. I think this > may be why people haven't tried out the proxy API yet, as they did not > know they had to use the API first in order to make their homepage > "active" so to speak. Developers also need to figure out whether their app uses Twitter API methods beyond what i've provided so far. If it is a good fit then they can try switching their API URLs to try the service. > Is the idea, though, to limit the activity that can occur from a given > host? If so, how do you limit that activity with the checkboxes? Or > do they become available once you actually use that particular > disposable password...? If that's the case, what's to stop the 3rd > party app from abusing that password before I have a chance to go back > to tweetpass and configure the usage rights? Yes, that's the idea, it's granular API control per-host and per- password. Right now it allows all API features (checks all the boxes) by default, I didn't want to do the opposite because it would be a usability problem, but that would be a good firewall-like setup. Ultimately you would want to set your own defaults. Also, it's not set that way right now, but I will make it possible to set the API permissions [[before]] a 3rd party uses a given password. -- Brian
